pagina beveiligen van mijn script
Dit is de script
Login.php
Code (php)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
<?
ob_start();
require_once($_SERVER['DOCUMENT_ROOT'].'db_connect.php');
if(isset($_SESSION['username']) && isset($_SESSION['password'])) {
header("Location: http://www.yoursite.com");
}
if(isset($_POST['submit'])) {
if(!$_POST['username']) die("Error: You must enter your username before logging in.");
if(!$_POST['password']) die("Error: You must enter your password before logging in.");
if(!empty($_POST['stay_in'])) {
$joined =''.$_POST['username'].'[]'.md5($_POST['password']).'';
setcookie('login_cookie', $joined, 2147483647, '/', '.http://remy1990.phpnet.us');
}
$get_user = mysql_query("SELECT * FROM `members` WHERE username = '".$_POST['username']."' AND
user_password = '".md5($_POST['password'])."'");
$q = mysql_fetch_object($get_user);
if(!$q) die("Login Failure: An error occured, please verify your username and password are correct.");
$_SESSION['logged_in'] = 1;
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
session_write_close();
header("Location: http://remy1990.phpnet.us/index2.php");
} else {
?>
ob_start();
require_once($_SERVER['DOCUMENT_ROOT'].'db_connect.php');
if(isset($_SESSION['username']) && isset($_SESSION['password'])) {
header("Location: http://www.yoursite.com");
}
if(isset($_POST['submit'])) {
if(!$_POST['username']) die("Error: You must enter your username before logging in.");
if(!$_POST['password']) die("Error: You must enter your password before logging in.");
if(!empty($_POST['stay_in'])) {
$joined =''.$_POST['username'].'[]'.md5($_POST['password']).'';
setcookie('login_cookie', $joined, 2147483647, '/', '.http://remy1990.phpnet.us');
}
$get_user = mysql_query("SELECT * FROM `members` WHERE username = '".$_POST['username']."' AND
user_password = '".md5($_POST['password'])."'");
$q = mysql_fetch_object($get_user);
if(!$q) die("Login Failure: An error occured, please verify your username and password are correct.");
$_SESSION['logged_in'] = 1;
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
session_write_close();
header("Location: http://remy1990.phpnet.us/index2.php");
} else {
?>
<form name="login" method="post" action="">
<table>
<tr>
<td>Gebruikersnaam:
<input type="text" id="username" name="username"></td>
</tr>
<tr>
<td>Paswoord:
<input type="password" id="password" name="password"></td>
</tr>
<tr>
<td>Inloggen:
<input type="submit" value="inloggen" name="submit" id="submit"></td>
</tr>
<tr>
<td>Onthouden?
<input type="checkbox" name="stay_in[]" checked="yes"></td>
</tr>
</table>
</form>
db_connect.php
Code (php)
1
2
3
4
5
6
7
8
9
10
11
12
2
3
4
5
6
7
8
9
10
11
12
<?php
$database[dbserver]="sql3.phpnet.us";
$database[dbuser]="pn_266703";
$database[dbname]="pn_266703_remy";
$database[dbpass]="";
$table ="Members";
$connect = mysql_connect($database['dbserver'], $database['dbuser'], $database['dbpass']);
$select= mysql_select_db($database['dbname']);
?>
$database[dbserver]="sql3.phpnet.us";
$database[dbuser]="pn_266703";
$database[dbname]="pn_266703_remy";
$database[dbpass]="";
$table ="Members";
$connect = mysql_connect($database['dbserver'], $database['dbuser'], $database['dbpass']);
$select= mysql_select_db($database['dbname']);
?>
Registeren.php
Code (php)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
<?
require_once($_SERVER['DOCUMENT_ROOT'].'/db_connect.php');
//SEE IF ALREADY LOGGED IN
if($_SESSION['logged_in'] == 1)
{
//REDIRECT TO HOMEPAGE
header('Location: http://' . $_SERVER['HTTP_HOST'] . '');
} else {
if(isset($HTTP_POST_VARS['submit']))
{
//BEGIN CHECKING USERNAME...
if(!$_POST['username']) die('Alert: username field was blank.');
//array of invalid characters
$junk = array('.' , ',' , '/' , '\' , '`' , ';' , '[' , ']' , '-',
'*', '&', '^', '%', '$', '#', '@', '!', '~', '+', '(', ')',
'|', '{', '}', '<', '>', '?', ':', '"', '=');
//starting lenght of username
$len = strlen($_POST['username']);
//replace invalid characters
$_POST['username'] = str_replace($junk, '', $_POST['username']);
$test = $_POST['username'];
//if lenghts are different ($len smaller), invalid characters found, so prompt error.
if(strlen($test) != $len) {
die('Username Error: Username contained invalid characters. You can only use A-Z, 0-9 and the
underscore (_).');
}
//Check if username already exists...
$q2 = mysql_query("SELECT * FROM `members` WHERE `username` = '".$_POST['username']."'");
$q3 = mysql_fetch_object($q2);
if($q3->username == $_POST['username']) {
die('<BR><BR>Sorry, but the username "'.$q3->username.'" is taken, please choose another.');
}
//PASSWORD
if(!$_POST['password']) {
die('Error: Password field was blank');
}
if(!$_POST['verify_password']) {
die('Error: Verify Password field was blank.');
}
if($_POST['password'] != $_POST['verify_password']) {
die('Error: The passwords do not match.');
}
if(strlen($_POST['password']) < 6 ) {
die('Error: Your password is too short. Must be 6 or more characters in length.');
}
//ADD NEW MEMBER
$insert ="INSERT INTO `members` (username, user_password, user_email) VALUES ('".$_POST['username']."',
'".md5($_POST['password'])."', '".$_POST['email']."')";
$insert2 = mysql_query($insert);
if(!$insert2) die(mysql_error());
echo('Registration Successful, Welcome new member! You can now login to your new account.');
} else {
?>
require_once($_SERVER['DOCUMENT_ROOT'].'/db_connect.php');
//SEE IF ALREADY LOGGED IN
if($_SESSION['logged_in'] == 1)
{
//REDIRECT TO HOMEPAGE
header('Location: http://' . $_SERVER['HTTP_HOST'] . '');
} else {
if(isset($HTTP_POST_VARS['submit']))
{
//BEGIN CHECKING USERNAME...
if(!$_POST['username']) die('Alert: username field was blank.');
//array of invalid characters
$junk = array('.' , ',' , '/' , '\' , '`' , ';' , '[' , ']' , '-',
'*', '&', '^', '%', '$', '#', '@', '!', '~', '+', '(', ')',
'|', '{', '}', '<', '>', '?', ':', '"', '=');
//starting lenght of username
$len = strlen($_POST['username']);
//replace invalid characters
$_POST['username'] = str_replace($junk, '', $_POST['username']);
$test = $_POST['username'];
//if lenghts are different ($len smaller), invalid characters found, so prompt error.
if(strlen($test) != $len) {
die('Username Error: Username contained invalid characters. You can only use A-Z, 0-9 and the
underscore (_).');
}
//Check if username already exists...
$q2 = mysql_query("SELECT * FROM `members` WHERE `username` = '".$_POST['username']."'");
$q3 = mysql_fetch_object($q2);
if($q3->username == $_POST['username']) {
die('<BR><BR>Sorry, but the username "'.$q3->username.'" is taken, please choose another.');
}
//PASSWORD
if(!$_POST['password']) {
die('Error: Password field was blank');
}
if(!$_POST['verify_password']) {
die('Error: Verify Password field was blank.');
}
if($_POST['password'] != $_POST['verify_password']) {
die('Error: The passwords do not match.');
}
if(strlen($_POST['password']) < 6 ) {
die('Error: Your password is too short. Must be 6 or more characters in length.');
}
//ADD NEW MEMBER
$insert ="INSERT INTO `members` (username, user_password, user_email) VALUES ('".$_POST['username']."',
'".md5($_POST['password'])."', '".$_POST['email']."')";
$insert2 = mysql_query($insert);
if(!$insert2) die(mysql_error());
echo('Registration Successful, Welcome new member! You can now login to your new account.');
} else {
?>
<table>
<form name="signup" action="" method="POST">
<tr>
<td>Gebruikersnaam: <BR>
(Alleen A-Z, 0-9 en _ geldig)<BR></td>
<td><input type="text" id ="username" name="username" value="" maxlength="30"> <BR></td>
</tr>
<tr>
<td>Paswoord:</td>
<td><input type="password" id="password" name="password" value="" maxlength="30"><BR> (minimum 6
characters)</td>
</tr>
<tr>
<td>Nog eens paswoord:</td>
<td><input type="password" id="verify_password" name="verify_password" value="" maxlength="30"><BR>
</td>
</tr>
<tr>
<td>Email:</td>
<td><input type="text" id="email" name="email" value="" size="30"><br></td>
</tr>
<tr>
<td>klik op verzenden om af te ronden </td>
<td><input type="submit" id="submit" name="submit" value="verzenden"></td>
</tr>
</form>
</table>
en dan heb ik nog uitloggen.
Kortom: Wat is je probleem? Een script heb je al zo te zien.
Code (php)
Edit:
een username in een sessie is ivm sessie kaping niet zo slim! ;) Maar daar kan je vast wel wat op verzinnen!
een username in een sessie is ivm sessie kaping niet zo slim! ;) Maar daar kan je vast wel wat op verzinnen!
Gewijzigd op 01/01/1970 01:00:00 door Robert Deiman