[help] Improve login script - Printable Version
[help] Improve login script - Montana" - 11-21-2012

I am fairly new at PHP and just wrote this login script. Please rate, suggest and comment. For any questions about the script you can send me a PM or comment. I am from the Netherlands by the way. Thanks for commenting!

Login form

PHP Code:
<?php session_start();?>

PassHash

PHP Code:
<?php

Registration page

PHP Code:
<title>Registratie</title>

Password verification page

PHP Code:
<?php

RE: [help] Improve login script - Haxalot - 03-18-2013

It's generally bad practice to use static properties/methods due to their globalised scope. Also, it would be better if you opted to eschew the original MySQL functions, due to their outdated nature (and they're currently in deprecation). Try MySQLi or PDO since you're using the object-oriented paradigm.

I'd also like to see the sanitise.php file as well, because I'm curious how you're protecting yourself from both XSS and SQLi attacks with that one function. I assume you're using functions like htmlspecialchars() or htmlentities() to prevent XSS attacks; however, these escaping functions should only be invoked upon outputting data from the database (not when inputting data). Information inside the database should be kept intact until you're manipulating it as a general rule of thumb.
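
The two recommendations in the reply above (PDO with bound parameters instead of the old mysql_* functions, and HTML-escaping only at output time), shown as an added example that is not code from this thread. The users table and its columns, the function names, the in-memory SQLite database and the use of PHP's built-in password_hash() in place of the poster's PassHash class (not shown on this page) are all assumptions.

```php
<?php
// Added example, not the thread's code. Table, column and function names are assumptions.
declare(strict_types=1);

// In-memory SQLite keeps the example self-contained; swap in a MySQL DSN in practice.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pass_hash TEXT, bio TEXT)');

function registerUser(PDO $pdo, string $username, string $password, string $bio): void
{
    // Input is stored unmodified; bound parameters keep it out of the SQL text.
    $stmt = $pdo->prepare('INSERT INTO users (username, pass_hash, bio) VALUES (:u, :h, :b)');
    $stmt->execute([
        ':u' => $username,
        ':h' => password_hash($password, PASSWORD_DEFAULT),
        ':b' => $bio,
    ]);
}

function verifyLogin(PDO $pdo, string $username, string $password): ?array
{
    $stmt = $pdo->prepare('SELECT id, username, pass_hash, bio FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Unknown user and wrong password both return null, so callers cannot tell them apart.
    if ($row === false || !password_verify($password, $row['pass_hash'])) {
        return null;
    }
    unset($row['pass_hash']); // never hand the hash to the view layer
    return $row;
}

function e(string $value): string
{
    // Escape for an HTML context at the moment of output, not before storage.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input: a quote in the username and markup in the profile text.
registerUser($pdo, "o'brien", 'correct horse', '<script>alert(1)</script>');

// A classic injection string is treated as an ordinary (wrong) password.
var_dump(verifyLogin($pdo, "o'brien", "' OR '1'='1"));

$user = verifyLogin($pdo, "o'brien", 'correct horse');
echo '<p>', e($user['bio']), "</p>\n";
```

The database row still holds the original markup; only the rendered copy is escaped, so the same value can later be output safely in a different context (JSON, plain-text e-mail) with that context's own encoding.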