Old 04-01-2005
Oli Filth
Default Re: How to facilitate login?

Treefrog wrote:
> "Tex John" <john@logontexas.com> wrote in message
> news:6hZ2e.14821$1H3.14027@tornado.texas.rr.com...
>
>>http://www.devshed.com/c/a/PHP/Creat...-Login-Script/
>>
>>is a start...
>>
>>hth,
>>John
>
> Grr, top post! breeeath.... ah, never mind.
>
> I've just quickly looked through that article and have something to add for
> a secure login script.
>
> Martin suggested using the following query to check a login:
> $sql = "SELECT * FROM member WHERE " .
> "username = $username AND " .
> "password = $password";
>
> However, that's vulnerable to SQL injection, the following method is much
> more restrictive to injection attacks.
>
> $sql = "SELECT * FROM member WHERE username=$username"
> $row = fetch_array......
>
> if ($row["password"] == $_GET['password']){
> login ok.
> }
>
> Why is it more secure?


It's not.

> Well, first off, they only have one variable to inject into (ok, not much of
> a help) but even IF they did something like "SELECT .... WHERE username=' '
> or username like '%'"


Well you could just use mysql_real_escape_string(), and this wouldn't be
a problem at all...

> they would STILL have to know a valid password for the PHP comparison. Not
> totally bomb proof but a bit more secure than the above version.
>


Also, you shouldn't store passwords unencrypted in your database. You should hash
them using md5() (or sha1()) before storing them, and then compare
against the md5() (or sha1()) of the user input.

--
Oli
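As an added illustration of the two points in this reply (bind or escape the username; never compare plaintext passwords), not code from the thread: a Python/sqlite3 stand-in for the quoted PHP query, beside a parameterized lookup with a salted hash. PBKDF2-SHA256 is used here in place of the unsalted md5()/sha1() mentioned above; the `member` table, the user and the `login_*` function names are constructed for the example.

```python
import hashlib
import hmac
import os
import sqlite3


def make_db():
    # Constructed in-memory table standing in for the thread's "member" table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE member (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return conn


def hash_password(password, salt):
    # Salted, iterated hash (substitute for the unsalted md5()/sha1() in the post).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def register(conn, username, password):
    salt = os.urandom(16)
    conn.execute("INSERT INTO member VALUES (?, ?, ?)",
                 (username, salt, hash_password(password, salt)))


def login_concatenated(conn, username):
    # The pattern quoted in the thread: the username is pasted straight into the SQL,
    # so a crafted username rewrites the WHERE clause and returns rows it should not.
    sql = f"SELECT username FROM member WHERE username='{username}'"
    return [r[0] for r in conn.execute(sql)]


def login_parameterized(conn, username, password):
    # Hardened form: the driver binds the username as data, never as SQL text,
    # and the password is checked against the stored hash in constant time.
    row = conn.execute("SELECT salt, pw_hash FROM member WHERE username=?",
                       (username,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(hash_password(password, salt), stored)
```

The crafted username from the thread returns a row through the concatenated query but matches nothing through the bound one, and no plaintext password ever reaches the database.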