TalkPHP - View Single Post - How to Login to Any Account on an Insecure Site

Mohammad · 12-14-2008, 09:30 PM

I created my personal! function:

PHP Code:


			
function CleanInput($input) {

return trim(str_replace(array("/","'",'"',";",":","+","--","*"), "", $input));

}

and what I do in login pages is :
- First i check that the user exists or not
- Then i retrive user information
- Passwords which are entered in form & are in DB (both in md5) compared with php
- Session/cookie sets with entered information

and in pages that need user login status, same proccess are done (except 4)!
Is it correct ?

()

12-14-2008, 09:30 PM	#17 (permalink)
Mohammad The Visitor Join Date: Dec 2008 Location: Tehran, Iran Posts: 2 Thanks: 2	I created my personal! function: PHP Code: `function CleanInput($input) { return trim(str_replace(array("/","'",'"',";",":","+","--","*"), "", $input)); }` and what I do in login pages is : - First i check that the user exists or not - Then i retrive user information - Passwords which are entered in form & are in DB (both in md5) compared with php - Session/cookie sets with entered information and in pages that need user login status, same proccess are done (except 4)! Is it correct ? (<!-- english problem -->)