Graphic Design Forum and Web Design Forum  

#1 prydie, 27-03-2008, 09:21 PM
Advanced Mysql / PHP database backed login script

I conformed to popular demand and did a version 1.2 of my login script. Its new features include md5 encryption and the use of a database instead of variables stored in the script.

Advanced Mysql / PHP database backed login script at Pryde Design

Anyway, hope it helps. Digg // subscribe if you liked it as usual, and yeah, ehmm, that's about it lol.

Hope you like it

- Andrew
__________________
Site: http://pryde-design.co.uk
Blog: http://blog.pryde-design.co.uk - subscribe (pls)
#2 tommylogic, 27-03-2008, 09:26 PM

ummm.. Toon, you give me sh*t about writing 2 page tutorials that directly relate to questions that people actually ask here. Hmmmmph, I better not hear another peep from you on that, brother
#3 Toon, 28-03-2008, 11:52 AM

Yeah, but linking to them from here is too easy; it will never make your site popular. You both have to realize the web is full of the same tutorials. What makes yours and your site better than the rest?
#4 Arkady, 28-03-2008, 12:15 PM

It looks to me like you have laid yourself wide open to an SQL injection attack. I would suggest you rethink your approach.
__________________
Just loving the whoness of it all.
#5 prydie, 28-03-2008, 03:03 PM

Where do you suggest that there is sql injection? There is only one query and that has addslashes on the only user-inputted variable.
Last edited by prydie; 28-03-2008 at 03:20 PM.
#6 Arkady, 28-03-2008, 08:44 PM

Quote:
Originally Posted by prydie
Where do you suggest that there is sql injection? There is only one query and that has addslashes on the only user-inputted variable.

I'm sorry, but the addslashes class doesn't afford you any protection against SQL injection attacks. You have to detect malicious user input pro-actively using advanced error rejection exception techniques, or regular expression string rejection constructs.
#7 prydie, 28-03-2008, 09:24 PM
I advocate high security coding but I was trying to write a simple script for beginners to learn from. I suppose mysql_real_escape_string() could have been used but add slashes gives us the security we need here. I can't see any way to inject it but you are welcome to try. I will send it across to one of my mates in the security field and see what they think but I am confident that there is no means of exploiting the script.
Last edited by prydie; 28-03-2008 at 09:47 PM.
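
The login lookup debated in the posts above, written with a parameterized query so that no escaping function (addslashes or mysql_real_escape_string) is involved. This is an added example, not prydie's script or code from any poster in this thread. It assumes PDO with the pdo_sqlite driver, using an in-memory SQLite database as a stand-in for MySQL so it runs offline; the table, column and function names are hypothetical, and it uses password_hash() in place of the md5 mentioned in the first post.

```php
<?php
// Added example: not the script discussed in this thread.
// Assumptions: PDO + pdo_sqlite; in-memory SQLite stands in for MySQL;
// table, column and function names are hypothetical.

function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY,
        username TEXT UNIQUE NOT NULL,
        password_hash TEXT NOT NULL)');
    return $db;
}

function register_user(PDO $db, string $username, string $password): void {
    // Store a salted, slow hash; the plain password never reaches the table.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare(
        'INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => $hash]);
}

function check_login(PDO $db, string $username, string $password): bool {
    // The SQL text is fixed; the username travels as a bound value, so
    // quotes and backslashes in it cannot change the statement's structure.
    $stmt = $db->prepare(
        'SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();          // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample data, including inputs that contain quote characters.
$db = open_demo_db();
register_user($db, "o'brien", 'correct horse');

$attempts = [
    ["o'brien", 'correct horse'],          // valid credentials
    ["o'brien", 'wrong password'],         // wrong password
    ["o'brien' OR 'a'='a", 'anything'],    // quotes are compared as data
];
foreach ($attempts as [$user, $pass]) {
    printf("%-22s %s\n", $user,
        check_login($db, $user, $pass) ? 'accepted' : 'rejected');
}
```

Against MySQL, use a `mysql:` DSN with an explicit `charset=utf8mb4` and set `PDO::ATTR_EMULATE_PREPARES` to `false` so the server performs the binding.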
#8 Acuity, 31-03-2008, 01:08 PM

Any chance of seeing your version with the member registration, bro?
#9 prydie, 31-03-2008, 04:01 PM

I will be posting it soon. I have got registration going but need to make sure that it's all working properly and is totally secure.

Thanks for the interest

I will post a thread about version 1.3 when I release it.

- Andrew