www.webdeveloper.com

Thread: Make a secure connection so no one can view it unless you have the right credentials

  1. #1
    Join Date
    Sep 2010
    Posts
    68

    Make a secure connection so no one can view it unless you have the right credentials

    I am trying to make a secure connection in "secure_session.php" so no one can view it unless you have the correct username and password.

    secure_login.htm
    Code:
    <body>
        <script language="javascript" type="text/javascript">
            function btn_secure(){
                document.forms.form_secure.submit();
            }
        </script>
        <form name="form_secure" action="http://www.philosophaie.com/htmlphp/secure_session.php" method="post">
            <center><table><tr><td><br /><br /><br /><br />
                <label id="Label1">Username</label></td></tr><tr><td>
                <input name="user" type="text" /></td></tr><tr><td>
                <label id="Label2">Password</label></td></tr><tr><td>
                <input name="pass" type="text" /></td></tr><tr><td>
                <input name="Button1" type="button" value="Login" onclick="btn_secure()" />
            </td></tr></table></center>
        </form>
    </body>

    secure_session.php
    PHP Code:
    <?php
        $user = filter_input(INPUT_POST, "user");
        $pass = filter_input(INPUT_POST, "pass");
        $conn = mysql_connect(connection string works);
        mysql_select_db(dbase1);
        $sql = "SELECT * FROM register WHERE username=$user And password=$pass;";
        $result = mysql_query($sql, $conn);
        if ($result == null) {
            return header("Location: http://www.mysite.com/secure_login.htm");
        }
    ?>
    //html code
    Last edited by Philosophaie; 05-27-2014 at 03:45 AM.

  2. #2
    Join Date
    Jul 2013
    Location
    Voorheesville NY USA
    Posts
    776
    1 - be sure that your php code is stored outside the web tree.
    2 - use a modern db extension such as mysqli or PDO since MySQL has been scheduled for execution for years.
    3 - use prepared queries which will not only correct your current query statement but be the safest way to execute a query
    4 - use a type=password input tag for the password entry
    5 - use a modern hashing scheme on your password when you store it
    6 - stop using br tags inside your table. Use css to add a margin to the top if you really want to push it down the page.

    And - why use a 'button' tag with js to do your submit, when a type='submit' input tag will do the same? You're not using that js call to do anything else (like input validation) so why the obfuscation?
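
Points 2, 3 and 5 of the reply applied to the login check, as an added example that is not code from either poster. The function name `check_login`, the in-memory SQLite database and the sample account are assumptions made so it runs stand-alone, and the `password` column is assumed to hold a `password_hash()` value.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: true only when the username exists and the password
// matches the hash stored for it. Table and column names follow the question.
function check_login(PDO $db, string $user, string $pass): bool
{
    // The placeholder keeps user input out of the SQL text (point 3).
    $stmt = $db->prepare('SELECT password FROM register WHERE username = :user');
    $stmt->execute([':user' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // A query that matches no rows still succeeds, so test the fetched row
    // rather than the query result. fetch() returns false when there is no row.
    if ($row === false) {
        return false;
    }
    // password_verify() checks against a password_hash() value (point 5).
    return password_verify($pass, $row['password']);
}

// Constructed demo data: in-memory SQLite stands in for the MySQL database
// (assumption, so the example runs offline; needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE register (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO register (username, password) VALUES (:u, :p)');
$ins->execute([':u' => 'alice', ':p' => password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed inputs: a valid login, a wrong password, and an unknown name
// containing a quote character, which the placeholder treats as plain data.
$attempts = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["o'brien", 'anything'],
];
foreach ($attempts as [$u, $p]) {
    printf("%-10s %s\n", $u, check_login($db, $u, $p) ? 'accepted' : 'rejected');
}

// In secure_session.php the same check would gate the page (sketch):
//   session_start();
//   if (!check_login($db, $user, $pass)) { header('Location: secure_login.htm'); exit; }
//   session_regenerate_id(true); $_SESSION['user'] = $user;
```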
