Script
Question
Hello dear Supportnet members,
I just wanted to ask quickly whether my login script is secure:
[i]<?php
/* SAC-SecurityAccessControl by Pete - last update 14.04.08 */
session_start();
// Includes
// VarDef
$session_id = md5(session_id());
$submit = $_POST['submit'];
$username = $_POST['user'];
$password = md5($_POST['pwd']);
// Loginscript
echo '<html><head>
<!-- Copyright by Pete-->
<title>Login</title>
<!-- Settings -->
<meta http-equiv="content-language" content="de">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="pragma" content="no-cache">
<!-- Incluedes -->
<link id="CSS" rel="stylesheet" href="layout1.css">
</head><body bgcolor="#CCCCCC" background="img/wallpaper.jpg">
<form method="POST" action="'.$_SERVER['PHP_SELF'].'">
<div align="center">
<center>
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="328" id="AutoNumber1" background="img/login.gif" height="131">
<tr>
<td width="31" height="104"> </td>
<td width="297" height="104" colspan="2"> </td>
</tr>
<tr>
<td width="31" height="19"> </td>
<td width="297" height="19" colspan="2"><b><font face="Tahoma" size="2">Autorisierung
erforderlich</font></b></td>
</tr>
<tr>
<td width="31" height="19"> </td>
<td width="297" height="19" colspan="2"><font face="Tahoma" size="2">Bitte geben Sie
ihren Benutzername und ihr Passwort ein.</font></td>
</tr>
<tr>
<td width="31" height="19"> </td>
<td width="297" height="19" colspan="2"> </td>
</tr>
<tr>
<td width="31" height="1"> </td>
<td width="105" height="1">
<font face="Tahoma" size="2">Benutzername:</font></td>
<td width="192" height="1">
<font face="Tahoma" size="2">
<input type="text" name="user" size="20"></font></td>
</tr>
<tr>
<td width="31" height="19"> </td>
<td width="105" height="19"><font face="Tahoma" size="2">Passwort:</font></td>
<td width="192" height="19"><font face="Tahoma" size="2">
<input type="password" name="pwd" size="20"></font></td>
</tr>
<tr>
<td width="31" height="19"> </td>
<td width="297" height="19" colspan="2"> </td>
</tr>
<tr>
<td width="31" height="32"> </td>
<td width="297" height="32" colspan="2">
<div align="right">
<input type="submit" name="submit" value=" OK " style="float: left"><input type="submit" value="Abbrechen" style="float: left"></div>
</td>
</tr>
<tr>
<td width="31" height="1"> </td>
<td width="297" height="1" colspan="2"></td>
</tr>
</table>
</center>
</div>
</form>
</body></html>';
if (isset($submit)) {
if ($_SESSION['session_id']==$session_id) {
if ($username != "" && $password != "") {
$sqldo = sprintf("SELECT * FROM user WHERE user='%s' AND password='%s'",
mysql_real_escape_string($username),
mysql_real_escape_string($password));
$sqlout = mysql_query ($sqldo);
if (mysql_num_rows ($sqlout) > 0) {
$data = mysql_fetch_array ($sqlout);
$_SESSION["user_id"] = $data["id"];
} else {
session_destroy();
die('Fehler1!');
}
} else {
session_destroy();
die('Fehler1!');
}
} else {
session_destroy();
die('Fehler2!');
}
} else {
$_SESSION["session_id"] = $session_id;
}
?>[/i]
Thanks for your help!
Kind regards, Pete
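
A hardened form of the credential check from the script above, as an added example that is not part of Pete's post. It assumes PHP 7.4+ with PDO (in-memory SQLite for the demo), a `password` column holding `password_hash()` output, and the hypothetical helper names `find_user_id` and `login`.

```php
<?php
// Added example, not Pete's code. Assumed schema: user(id, user, password),
// with password holding password_hash() output instead of an MD5 digest.
declare(strict_types=1);

function find_user_id(PDO $db, string $username, string $password): ?int
{
    // Prepared statement: the driver binds the value, no manual escaping.
    $stmt = $db->prepare('SELECT id, password FROM user WHERE user = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user: verify against a dummy hash so both paths cost one
    // password_verify() call.
    static $dummy = null;
    $dummy ??= password_hash('constructed-dummy', PASSWORD_DEFAULT);
    $ok = password_verify($password, $row['password'] ?? $dummy);

    return ($row && $ok) ? (int) $row['id'] : null;
}

function login(PDO $db, array $post): bool
{
    $id = find_user_id($db, (string) ($post['user'] ?? ''), (string) ($post['pwd'] ?? ''));
    if ($id === null) {
        return false; // one generic failure for bad user and bad password
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session id after authentication
    }
    $_SESSION['user_id'] = $id;
    return true;
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, user TEXT UNIQUE, password TEXT)');
$db->prepare('INSERT INTO user (user, password) VALUES (?, ?)')
   ->execute(['pete', password_hash('constructed-demo-password', PASSWORD_DEFAULT)]);

var_dump(login($db, ['user' => 'pete', 'pwd' => 'constructed-demo-password']));
var_dump(login($db, ['user' => 'pete', 'pwd' => "' OR '1'='1"]));
// For the form action, escape before echoing:
// htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8')
```

In a web request, call `session_start()` and `login()` before any HTML is sent, because `session_regenerate_id()` has to set a cookie header.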