  1. #1
    New to the CF scene
    Join Date
    Feb 2012
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    [Help] I Need Help About Secure Page

    I need a master to fix my problem.
    I want to make my page secure,
    but I don't know how to code it.
    Here is my script code.

    Login.php
    Code:
    <?php 
    session_start(); 
    include("passwords.php"); 
    if (isset($_POST["ac"]) && $_POST["ac"]=="log") { /// do after login form is submitted  
         if ($USERS[$_POST["username"]]==$_POST["password"]) { ///  $USERS array  
              $_SESSION["logged"]=$_POST["username"]; 
         } else { 
              echo 'Incorrect username/password. Please, try again.'; 
         }; 
    }; 
    if (isset($_SESSION["logged"]) && array_key_exists($_SESSION["logged"],$USERS)) { //// check if user is logged or not  
         echo "You are logged in."; //// if user is logged show a message  
    } else { //// if not logged show login form 
         echo '<form action="donatealatan.php" method="post"><input type="hidden" name="ac" value="log"> '; 
         echo 'Username: <input type="text" name="username" /><br />'; 
         echo 'Password: <input type="password" name="password" /><br />'; 
         echo '<input type="submit" value="Login" />'; 
         echo '</form>'; 
    };
    
    ?>
    Logout.php
    Code:
    <?php
    session_start(); //Start the current session
    session_destroy(); //Destroy it! So we are logged out now
    header("Location: login.php?msg=" . urlencode("Successfully Logged out")); // Move back to login.php with a logout message
    exit; // Stop the script once the redirect header is sent
    ?>
    passwords.php
    Code:
    <?php 
    $USERS["admin123"] = "admin123"; 
    $USERS["username2"] = "password2"; 
    $USERS["username3"] = "password3"; 
     
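    function check_logged(){ 
         global $USERS; // $_SESSION is a superglobal and needs no global declaration
         if (!isset($_SESSION["logged"]) || !array_key_exists($_SESSION["logged"],$USERS)) { 
              header("Location: login.php"); 
              exit; // stop here so the rest of the protected page is not sent
         } 
    } 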
    ?>
    And this is my page. How do I make my page secure?
    donatealatan.php
    Code:
    <head>
    <style type="text/css">
    .style1 {
    	font-family: Castellar;
    	color: #00FF00;
    }
    .style2 {
    	color: #FF0000;
    }
    .style3 {
    	color: #0000FF;
    }
    .style5 {
    	color: #00FF00;
    }
    .style6 {
    	text-align: center;
    }
    </style>
    </head>
    <body style="background-color: #000000">
    <div class="style6">
    <span class="style3">
    <br></span><span class="style1">Donasi Alatan Gear</span><br>
    <span class="style2">Sila Masukan Nama Pemain Kemudian Tekan Butang Donasi</span>
    </div>
    <form enctype="multipart/form-data" action="donatealatan.php" method="POST">
    <div class="style6">
    <span class="style3">Nama Pemain Dan Posisi Item Tersebut<br>
    (Pemain Hendaklah Memakai Item Tersebut)</span><span class="style5"><br>
    Nama Pemain : <input type="text" name="id" style="width: 169px"><br />
    Posisi Item :</span>&nbsp;&nbsp;&nbsp;&nbsp; <input type="text" name="il" style="width: 171px"><br>
    <label id="Label1"></label><br>
    <span class="style3">Item Yang Hendak Diubah</span><span class="style5"><br>
    Magic3 :</span></span> <span class="style5">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <input type="text" name="ie" style="width: 171px"><br />
    Tahap F-Soul&nbsp; :</span></span> <span class="style5">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <input type="text" name="if" style="width: 171px"><br />
    Serangan Bumi :&nbsp;&nbsp;&nbsp;&nbsp; </span> </span>&nbsp;<span class="style5"><input type="text" name="ig" style="width: 171px"><br />
    Serangan Air :&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span> </span>&nbsp;<span class="style5"><input type="text" name="ih" style="width: 171px"><br />
    Serangan Api :</span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>&nbsp;<span class="style5"><input type="text" name="ii" style="width: 171px"><br />
    Serangan Udara :&nbsp;&nbsp; </span> </span>&nbsp;<span class="style5"><input type="text" name="ij" style="width: 171px"><br />
    Special Effect :</span></span> <span class="style5">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <input type="text" name="ik" style="width: 171px"><br />
    </span>
    <input type="submit" name="edit" value="Donasi" style="width: 225px"><br>
    </div>
    </form>
    <br>
    <?php
    
    $location = '127.0.0.1';
    $database = 'my'; 
    $username = 'root'; 
    $password = 'test'; 
    
    $conn = mysql_connect("$location","$username","$password"); 
    if (!$conn) die ("Could not connect MySQL"); 
    mysql_select_db($database,$conn) or die ("Could not open database"); 
    
    if(isset($_POST['edit']))
      {
        $sid            =    addslashes($_POST['id']);
        $sie            =    addslashes($_POST['ie']);
        $sif            =    addslashes($_POST['if']);
        $sig            =    addslashes($_POST['ig']);
        $sih            =    addslashes($_POST['ih']);
        $sii            =    addslashes($_POST['ii']);
        $sij            =    addslashes($_POST['ij']);
        $sik            =    addslashes($_POST['ik']);
        $sil            =    addslashes($_POST['il']);
        
        mysql_query("update cq_item set magic3='$sie', warghostexp='$sif', eudemon_attack1='$sig', eudemon_attack2='$sih', eudemon_attack3='$sii', eudemon_attack4='$sij', special_effect='$sik' where position='$sil' and forgename='$sid'") or die (mysql_error());
    
    
        echo '<font color=red size=6>Tahniah!Item Donasi Telah Dimasukan,Sila Login Semula</font><br>';
      }
    ?>  
    <center><p><a href="logout.php">Logout</a></p></center>
    </body>
    </html>
    <script language=JavaScript> var message="Error!"; function clickIE4(){ if (event.button==2){ alert(message); return false; } } function clickNS4(e){ if (document.layers||document.getElementById&&!document.all){ if (e.which==2||e.which==3){ alert(message); return false; } } } if (document.layers){ document.captureEvents(Event.MOUSEDOWN); document.onmousedown=clickNS4; } else if (document.all&&!document.getElementById){ document.onmousedown=clickIE4; } document.oncontextmenu=new Function("alert(message);return false") </script>

  • #2
    New Coder
    Join Date
    Sep 2011
    Posts
    80
    Thanks
    0
    Thanked 13 Times in 12 Posts
    When you use

    PHP Code:
    if ($USERS[$_POST["username"]]==$_POST["password"]) 
    I'd use === instead of == to avoid some nasty typecasting work around.

    Also look at http://shiflett.org/blog/2006/jan/ad...-escape-string regarding the addslashes shortfalls. The article recommends real_escape_string, but I'd use prepared statements as they are a bit safer: http://php.net/manual/en/pdo.prepared-statements.php
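
The prepared-statement approach recommended in this reply, applied to the UPDATE from donatealatan.php. This is an added example, not code from the thread: `update_item()` is a hypothetical helper, and an in-memory SQLite table with assumed column types stands in for the poster's MySQL database so the script runs offline.

```php
<?php
// Added example, not the original poster's code. SQLite in memory stands in
// for the MySQL database so this runs offline; the column types are assumed.

function update_item(PDO $pdo, array $post): int
{
    $params = [];
    foreach (['id', 'il', 'ie', 'if', 'ig', 'ih', 'ii', 'ij', 'ik'] as $field) {
        // Reject missing fields and array input such as ie[]=1.
        if (!isset($post[$field]) || !is_string($post[$field])) {
            throw new InvalidArgumentException("Bad or missing field: $field");
        }
        $params[":$field"] = $post[$field];
    }
    // The SQL text is constant; form input travels only as bound parameters.
    $stmt = $pdo->prepare(
        'UPDATE cq_item SET magic3 = :ie, warghostexp = :if,
                eudemon_attack1 = :ig, eudemon_attack2 = :ih,
                eudemon_attack3 = :ii, eudemon_attack4 = :ij,
                special_effect = :ik
          WHERE position = :il AND forgename = :id'
    );
    $stmt->execute($params);
    return $stmt->rowCount();
}

// With MySQL, also set PDO::ATTR_EMULATE_PREPARES to false.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$pdo->exec('CREATE TABLE cq_item (forgename TEXT, position INTEGER,
    magic3 INTEGER, warghostexp INTEGER, eudemon_attack1 INTEGER,
    eudemon_attack2 INTEGER, eudemon_attack3 INTEGER,
    eudemon_attack4 INTEGER, special_effect INTEGER)');
$pdo->exec("INSERT INTO cq_item VALUES ('O''Brien', 4, 0, 0, 0, 0, 0, 0, 0)");

// Constructed form submission; the apostrophe in the name stays plain data.
$post = ['id' => "O'Brien", 'il' => '4', 'ie' => '5', 'if' => '9',
         'ig' => '10', 'ih' => '10', 'ii' => '10', 'ij' => '10', 'ik' => '1'];
echo update_item($pdo, $post), " row(s) updated\n";
```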

  • #3
    Regular Coder
    Join Date
    Jan 2012
    Posts
    134
    Thanks
    0
    Thanked 32 Times in 32 Posts
    Quote Originally Posted by MarkR
    I'd use === instead of == to avoid some nasty typecasting work around.
    Using === when possible is faster and better, but you don't have to worry about any typecasting; PHP handles all of this for you.

    budaktaktahu, there are some other issues with your code, but you have a function called check_logged(). All you need to do is call that function at the beginning of the page you want secure.

  • #4
    New Coder
    Join Date
    Sep 2011
    Posts
    80
    Thanks
    0
    Thanked 13 Times in 12 Posts
    Quote Originally Posted by KuriosJon
    Using === when possible is faster and better, but you don't have to worry about any typecasting; PHP handles all of this for you.

    budaktaktahu, there are some other issues with your code, but you have a function called check_logged(). All you need to do is call that function at the beginning of the page you want secure.
    Exactly, it handles it for you but it's typically not very good at it. For example if you did 1 == true or 0 == false they'd both return true. Not ideal if you're expecting a string and instead get a boolean!
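
The `==` versus `===` point debated above, run against the comparison from Login.php. This is an added example, not code from the thread: `login_loose()` and `login_strict()` are hypothetical names, and the `1e3` account and all inputs are constructed.

```php
<?php
// Added example, not code from the thread. $USERS follows the layout of
// passwords.php; the "1e3" account and every test input are constructed.

$USERS = [
    'username2' => 'password2',
    'username3' => '1e3',
];

// The comparison from Login.php, kept loose (==) for contrast.
function login_loose(array $users, string $username, $password): bool
{
    return ($users[$username] ?? null) == $password;
}

// Strict version: strings only, known user only, no type juggling.
function login_strict(array $users, $username, $password): bool
{
    if (!is_string($username) || !is_string($password)) {
        return false; // e.g. password[]=x arrives as an array
    }
    if (!array_key_exists($username, $users)) {
        return false; // an unknown user never reaches the comparison
    }
    // hash_equals() compares byte for byte, in constant time.
    return hash_equals($users[$username], $password);
}

$cases = [
    ['username2', 'password2'], // correct password
    ['username2', 'wrong'],     // wrong password
    ['nobody',    ''],          // missing entry (null) vs empty string
    ['username3', '1000'],      // numeric strings are compared as numbers
    ['username2', ['x']],       // array instead of a string
];
foreach ($cases as [$u, $p]) {
    printf("%-10s %-12s loose=%-5s strict=%s\n", $u, json_encode($p),
        var_export(login_loose($USERS, $u, $p), true),
        var_export(login_strict($USERS, $u, $p), true));
}
```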

