Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Simple secure login script.
#1
A member nicknamed Janvier123 in a forum released this script in public, he said that it has "anti SQL inject". Take a look at the code bellow and mind telling me if that is true ? I have no idea about security in PHP.

PHP Code:
<?php

// Edit your mssql info here
// BEGIN MSSQL INFO
$CONFIG['host'] = "localhost";
$CONFIG['user'] = "sa";
$CONFIG['pass'] = "server";
// END MSSQL INFO

//----------------------------- DO NOT EDIT ANYTHING BELOW HERE !!!!! ------------------------------------

$CONFIG['conn']  = mssql_connect$CONFIG['host'], $CONFIG['user'], $CONFIG['pass']);

function 
anti_injection($sql) {
   
$sql preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$sql);
   
$sql trim($sql);
   
$sql strip_tags($sql);
   
$sql addslashes($sql);
   return 
$sql;
}
//----------------------------------------------------------------------------------------------------------

if(isset($_GET['action']) && ($_GET['action'] == "login")){

    
$user anti_injection($_POST['user']);
    
$pass anti_injection($_POST['pass']);
    
$crypt_pass md5($pass);
        
    
$result1 mssql_query("SELECT * FROM account.dbo.user_profile WHERE user_id = '".$user."'"); 
    
$count1 mssql_num_rows($result1); 

    
$result2 mssql_query("SELECT user_pwd FROM account.dbo.user_profile WHERE user_id = '".$user."'"); 
    
$row2 mssql_fetch_row($result2); 

    if(
$count1 == '0') {
        echo 
'<br>This game account is not found in the database.';
    }
    elseif(
$row2[0] != $crypt_pass) {
        echo 
'<br>Wrong password. Try again.';
    }
    elseif(
$_GET['login'] != 'login' && $count1 == '0') {
        echo 
'<br>Login Error, Please login again.';
    } else {
    
    
// Begin secure content 
        
$_SESSION['user'] = $user;
        echo 
"<h3>Welcome, ".$_SESSION['user']."</h3>";
        echo 
"<br>";
        echo 
"Your content here";
    
// Dont forget to and your session
    // session_destroy();
    // End secure content
    
}
} else {
  
echo 
'<h2>Login here</h2><br /> 
    <form name="" action="'
.$_SERVER['php_self'].'?action=login" method="post"> 
        Name: <input type="text" name="user" maxlength="16"><br /> 
        Password: <input type="password" name="pass" maxlength="16"> <br />
        <input type="submit" value="Login!"> 
    </form>'
;
}
?>
Reply
#2
Yes it is true, or atleast appears so....
Anyway in the function anti_injection, replace the following:
PHP Code:
$sql addslashes($sql);
// WITH
$sql addcslashes(mysql_real_escape_string($sql), "%_"); 

This now takes LIKE injections into consideration.
Reply
#3
Nice But How should I do If I want to alow more User then One?Smile
wayneee-
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [help] Improve login script Montana" 1 1,579 03-18-2013, 12:59 PM
Last Post: Haxalot
  Don't need to login Strafeness 5 1,873 01-21-2012, 08:28 AM
Last Post: AceInfinity
  Creating a simple PHP/MySQL login script ndee 16 9,770 05-14-2011, 02:18 AM
Last Post: モrainee
  Members Area (login) Script? Danny 6 2,949 12-12-2010, 07:19 PM
Last Post: Saint Michael
  php form script with upload script help andrewjs18 4 3,075 10-07-2010, 11:46 AM
Last Post: JMK940

Forum Jump:


Users browsing this thread: 1 Guest(s)