Supportnet Computer
Planet of Tech


Script





Question

Hello dear Supportnet folks,

I just wanted to briefly ask whether my login script is secure:

[i]
<?php
/*
SAC-SecurityAccessControl by Pete - last update 14.04.08
*/
session_start();

// Includes

// VarDef
$session_id = md5(session_id());
$submit = $_POST['submit'];
$username = $_POST['user'];
$password = md5($_POST['pwd']);

// Login script: the form is always printed, the check follows below
echo '<html><head>
<!-- Copyright by Pete-->
<title>Login</title>
<!-- Settings -->
<meta http-equiv="content-language" content="de">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="pragma" content="no-cache">
<!-- Incluedes -->
<link id="CSS" rel="stylesheet" href="layout1.css">
</head><body bgcolor="#CCCCCC" background="img/wallpaper.jpg">
<form method="POST" action="'.$_SERVER['PHP_SELF'].'">
<div align="center">
<center>
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="328" id="AutoNumber1" background="img/login.gif" height="131">
<tr>
<td width="31" height="104">&nbsp;</td>
<td width="297" height="104" colspan="2">&nbsp;</td>
</tr>
<tr>
<td width="31" height="19">&nbsp;</td>
<td width="297" height="19" colspan="2"><b><font face="Tahoma" size="2">Autorisierung erforderlich</font></b></td>
</tr>
<tr>
<td width="31" height="19">&nbsp;</td>
<td width="297" height="19" colspan="2"><font face="Tahoma" size="2">Bitte geben Sie ihren Benutzername und ihr Passwort ein.</font></td>
</tr>
<tr>
<td width="31" height="19">&nbsp;</td>
<td width="297" height="19" colspan="2">&nbsp;</td>
</tr>
<tr>
<td width="31" height="1">&nbsp;</td>
<td width="105" height="1">
<font face="Tahoma" size="2">Benutzername:</font></td>
<td width="192" height="1">
<font face="Tahoma" size="2">
<input type="text" name="user" size="20"></font></td>
</tr>
<tr>
<td width="31" height="19">&nbsp;</td>
<td width="105" height="19"><font face="Tahoma" size="2">Passwort:</font></td>
<td width="192" height="19"><font face="Tahoma" size="2">
<input type="password" name="pwd" size="20"></font></td>
</tr>
<tr>
<td width="31" height="19">&nbsp;</td>
<td width="297" height="19" colspan="2">&nbsp;</td>
</tr>
<tr>
<td width="31" height="32">&nbsp;</td>
<td width="297" height="32" colspan="2">
<div align="right">
<input type="submit" name="submit" value=" OK " style="float: left"><input type="submit" value="Abbrechen" style="float: left"></div>
</td>
</tr>
<tr>
<td width="31" height="1">&nbsp;</td>
<td width="297" height="1" colspan="2"></td>
</tr>
</table>
</center>
</div>
</form>
</body></html>';

if (isset($submit)) {
    // Form was submitted: compare with the value stored on the first page view
    if ($_SESSION['session_id']==$session_id) {
        if ($username != "" && $password != "") {
            // Look up the user by name and MD5 password hash
            $sqldo = sprintf("SELECT * FROM user WHERE user='%s' AND password='%s'",
                mysql_real_escape_string($username),
                mysql_real_escape_string($password));
            $sqlout = mysql_query ($sqldo);
            if (mysql_num_rows ($sqlout) > 0) {
                $data = mysql_fetch_array ($sqlout);
                $_SESSION["user_id"] = $data["id"];
            } else {
                session_destroy();
                die('Fehler1!');
            }
        } else {
            session_destroy();
            die('Fehler1!');
        }
    } else {
        session_destroy();
        die('Fehler2!');
    }
} else {
    // First page view: remember the hashed session id in the session
    $_SESSION["session_id"] = $session_id;
}
?>
[/i]

Thanks for your help!

Best regards,
Pete
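For comparison with the script in the question, an added example (not part of Pete's post) of the same login check using `password_hash()`/`password_verify()`, a prepared statement, a random single-use form token and `session_regenerate_id()`. It assumes PHP with PDO and the `pdo_sqlite` driver; the table layout, function names and sample account are constructed for the demo.

```php
<?php
// Added example, not code from the post; schema, names and account are constructed.
function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');   // in-memory SQLite stands in for MySQL
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, user TEXT UNIQUE, password TEXT)');
    // Store a salted, deliberately slow hash instead of md5().
    $ins = $db->prepare('INSERT INTO user (user, password) VALUES (?, ?)');
    $ins->execute(['pete', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);
    return $db;
}

// Random per-session form token, replacing md5(session_id()).
function issue_form_token(array &$session): string {
    return $session['form_token'] = bin2hex(random_bytes(32));
}

// Returns the user id on success and null on every kind of failure.
function check_login(PDO $db, array &$session, array $post): ?int {
    $expected = $session['form_token'] ?? '';
    unset($session['form_token']);                  // token is single-use
    $sent = $post['token'] ?? '';
    if ($expected === '' || !is_string($sent) || !hash_equals($expected, $sent)) {
        return null;
    }
    $user = $post['user'] ?? '';
    $pwd  = $post['pwd'] ?? '';
    if (!is_string($user) || !is_string($pwd) || $user === '' || $pwd === '') {
        return null;
    }
    // Bound parameter: the submitted name never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT id, password FROM user WHERE user = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pwd, $row['password'])) {
        return null;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);                // fresh session id after login
    }
    return $session['user_id'] = (int) $row['id'];
}

$db = open_demo_db();
$session = [];   // stands in for $_SESSION so the demo also runs on the CLI
$post = ['token' => issue_form_token($session), 'user' => 'pete', 'pwd' => 'constructed-sample-pw'];
var_dump(check_login($db, $session, $post));   // valid token and password
var_dump(check_login($db, $session, $post));   // same token replayed
```

In a real page, pass `$_SESSION` and `$_POST` in place of the demo arrays and call `issue_form_token()` when rendering the form.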

Answer from