11-13-2007, 10:52 AM
My standard login mechanics - is it secure?
While reading this interesting thread I got a little worried that my standard login code had shortcomings, so I wish for you to take a look and see if I can make some improvements to it.
I apologize in advance for my English since I'm from Sweden and it might be a little rusty. :)
PHP Code:
$user = strip_tags(trim($_POST['adm_login_user']));
$password = strip_tags(trim($_POST['adm_login_psw']));
// login --------------------------------
$sql = "SELECT * from com_usr WHERE is_username='" . $user . "' AND is_password='" . md5($password) . "' AND active=1";
$result = mysql_query($sql);
if (!$result) {
    echo("Could not perform MySQL query: " . mysql_error() . "");
    exit();
}
$user_exist = mysql_num_rows($result);
while ( $row = mysql_fetch_array($result) ) {
    $id = $row["ID"];
    $username = $row["is_username"];
    $active = $row["is_active"];
    $admin_lvl = $row["is_admin_level"];
    $auth = $row["is_author"];
}
if ($user_exist > 0) {
    // Do something like setting session variables
} else {
    // Send user back with error message
}
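An added example, not part of the original post: the same lookup written with a bound parameter and `password_hash()`/`password_verify()` in place of string concatenation and `md5()`. It assumes PHP 7.1+ with PDO, an `is_password` column holding `password_hash()` output, and a hypothetical function name `check_login`; a constructed in-memory SQLite table stands in for the MySQL table `com_usr` so the script runs offline.

```php
<?php
// Added example, not the poster's code. The table and account below are
// constructed sample data; SQLite in memory replaces MySQL only for the demo.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE com_usr (ID INTEGER PRIMARY KEY, is_username TEXT UNIQUE,
            is_password TEXT, active INTEGER, is_admin_level INTEGER)');
$ins = $pdo->prepare('INSERT INTO com_usr (is_username, is_password, active, is_admin_level)
                      VALUES (?, ?, 1, 9)');
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Returns the user row (without the hash) on success, null on any failure.
function check_login(PDO $pdo, string $user, string $password): ?array
{
    // Hash verified when the user is unknown, so both paths do comparable work.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('placeholder', PASSWORD_DEFAULT);

    $stmt = $pdo->prepare('SELECT ID, is_username, is_password, is_admin_level
                             FROM com_usr WHERE is_username = ? AND active = 1');
    $stmt->execute([$user]);            // the value is bound, never spliced into the SQL text
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $ok = password_verify($password, $row ? $row['is_password'] : $dummy);
    if (!$row || !$ok) {
        return null;
    }
    unset($row['is_password']);         // keep the hash out of session data
    return $row;
}

try {
    var_dump(check_login($pdo, 'admin', 'correct horse') !== null); // valid credentials
    var_dump(check_login($pdo, "o'neil", 'x') !== null);            // quote in the name stays data
    var_dump(check_login($pdo, 'admin', 'wrong') !== null);         // wrong password
} catch (PDOException $e) {
    error_log($e->getMessage());        // details go to the server log only
    exit('Login is temporarily unavailable.');
}
```

Existing MD5 values cannot be converted to `password_hash()` output, so accounts would need a password reset or a rehash at next successful login.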