Lewis Lewis - 7 months ago 21
PHP Question

Is this login script safe?

Okay, essentially what my question is asking is if their is any major security threats using the login script below and if so what can I use to prevent any SQL injections or users logging into my service without providing correct details? I understand that I'm using an outdated version of PHP however my whole site is built on this previous version and I understand this poses risks using a outdated build.

Login Form

<form method="post" action="login.php?login=login">

<input type='text' placeholder="username" class='form-control' name='username' required autofocus/>
<input type='password' placeholder="password" class='form-control' name='password' required/>
<input class='btn btn-default btn-block' type='submit' value='Login' class='submit' />

</form>


removed

Answer

First of all, what is clean() function?

Secondly, don't use MD5 encryption method, use at least sha256. This is because MD5 is bad for hashing password due to its security weaknesses and due to it being too fast. If you want more security use salt combined with sha256. And here's why.

Thirdly, you are passing the user input to the database just like they are, which means your script is vulnerable to SQL Injection. You should use Prepared Statements. An official documentation here explains how to use them.

Fourthly, you should replace these lines:

echo('<meta http-equiv="refresh" content="3;url=/login" />');
echo('<meta http-equiv="refresh" content="1;url=/home" />');

with these one:

header('Location: /login');
header('Location: /home');

The reason is that use of meta refresh is discouraged by the World Wide Web Consortium. More information can be found here.

Last but not least, you are using the old deprecated mysql extension. You should use mysqli or PDO extension to access the database.

Comments