
Thread: Make a secure connection so no one can view it unless you have the right credentials

  1. #1
    Join Date
    Sep 2010

    Make a secure connection so no one can view it unless you have the right credentials

    I am trying to make a secure connection in "secure_session.php" so no one can view it unless you have the correct username and password.

             <script language="javascript" type="text/javascript">
    		function btn_secure(){	
    	<form name="form_secure" action="http://www.philosophaie.com/htmlphp/secure_session.php" method="post"></form>
    		<center><table><tr><td><br /><br /><br /><br />
    			<label id="Label1">Username</label></td></tr><tr><td>
    			<input name="user" type="text" /></td></tr><tr><td>
    			<label id="Label2">Password</label></td></tr><tr><td>
    			<input name="pass" type="text" /></td></tr><tr><td>
    			<input name="Button1" type="button" value="Login" onclick="btn_secure()"  />

    PHP Code:
    $pass = filter_input(INPUT_POST, "pass");
    $conn = mysql_connect(connection string works);
    $sql = "SELECT * FROM register WHERE username=$user And password=$pass;";
    $result = mysql_query($sql, $conn);
    if ($result == null) {
        header("Location: http://www.mysite.com/secure_login.htm");
    //html code
    Last edited by Philosophaie; 05-27-2014 at 04:45 AM.

  2. #2
    Join Date
    Jul 2013
    Voorheesville NY USA
    1 - be sure that your php code is stored outside the web tree.
    2 - use a modern db extension such as mysqli or PDO since MySQL has been scheduled for execution for years.
    3 - use prepared queries which will not only correct your current query statement but be the safest way to execute a query
    4 - use a type=password input tag for the password entry
    5 - use a modern hashing scheme on your password when you store it
    6 - stop using br tags inside your table. Use css to add a margin to the top if you really want to push it down the page.

    And - why use a 'button' tag with js to do your submit, when a type='submit' input tag will do the same? You're not using that js call to do anything else (like input validation) so why the obfuscation?
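
Added example (not part of either post): points 2, 3 and 5 of the reply above, shown together as a PDO prepared statement with `password_hash()` / `password_verify()`. The table `register` and column `username` come from the question; the `password_hash` column, the function names, the sample user and the in-memory SQLite database standing in for MySQL are assumptions made so the script runs on its own.

```php
<?php
declare(strict_types=1);

// Assumption: SQLite in memory stands in for the MySQL server so this runs
// offline; against MySQL only the DSN and credentials passed to PDO change.
function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // "register" and "username" are from the question; "password_hash" is assumed.
    $pdo->exec('CREATE TABLE register (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    return $pdo;
}

// Point 5: store only a salted hash, never the password itself.
function register_user(PDO $pdo, string $user, string $pass): void
{
    $stmt = $pdo->prepare('INSERT INTO register (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$user, password_hash($pass, PASSWORD_DEFAULT)]);
}

// Point 3: the username is bound as a parameter, so quotes in it stay data.
// The submitted password never appears in the SQL; it is checked in PHP.
function check_login(PDO $pdo, ?string $user, ?string $pass): bool
{
    if ($user === null || $pass === null || $user === '' || $pass === '') {
        return false;
    }
    $stmt = $pdo->prepare('SELECT password_hash FROM register WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn(); // false when no row matched
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed sample data.
$pdo = open_db();
register_user($pdo, 'alice', 'correct horse battery staple');

var_dump(check_login($pdo, 'alice', 'correct horse battery staple'));
var_dump(check_login($pdo, 'alice', 'wrong password'));
// A quote in the username is handled as a plain value, not as SQL syntax.
var_dump(check_login($pdo, "o'brien", 'anything'));
```

In `secure_session.php` the two arguments would come from `filter_input(INPUT_POST, ...)`, and a `false` result would send the `Location:` header to the login page followed by `exit`.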
