Posted by Dalibor on 02/24/06 23:34
I wrote the following code for my login script:
<?php
$username = htmlentities($_POST['login']);
$password = htmlentities($_POST['passw']);
$submited = $_POST['submited']; // hidden variable in login form (value = 'yes')
$browser_f = $_POST['browser']; // browser type and ver from login form
$browser_l = $_SERVER['HTTP_USER_AGENT'];
$time = time() - $_POST['time']; // time difference
$page = "../admin/admin.php"; // protected page
if (!isset($_REQUEST['login']) || ($submited != 'yes') || ($time > 180)) {
    echo "\n Intruder alert!\n";
    exit();
}
if ((!$username) || (!$password)) {
    echo "\n No data enetered!\n";
    exit();
}
if (strstr($username,"<") || strstr($password,"<") || strstr($username,">")
    || strstr($password,">") || strstr($username,"script")
    || strstr($password,"java")) {
    echo "\n No codding please!\n";
    exit();
}
if ($username == 'username' && $password == 'password' && $browser_f == $browser_l) {
    session_register("logged_in");
    header("Location:$page");
    exit();
}
else {
    echo "\n Access denied!\n";
    exit();
}
?>
Is this safe enough, or should I put some other checks in it?
--
..:Dalibor:.
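
A hardened form of the login check in the post above, added here as an example; it is not the poster's code. The account name, the sample password and the function names verify_login and start_admin_session are assumptions made for illustration, and the syntax requires PHP 7.1 or later.

```php
<?php
// Added example, not the poster's code. Account name, sample password and
// function names are constructed for illustration.

// Server-side credential store: only a hash of the password is kept.
$accounts = ['admin' => password_hash('correct horse battery', PASSWORD_DEFAULT)];
// Hash of a throwaway value, verified for unknown users so both paths do the same work.
$dummyHash = password_hash('placeholder', PASSWORD_DEFAULT);

function verify_login(array $post, array $accounts, string $dummyHash): bool
{
    // Use the raw values: htmlentities() is an output encoder and would alter
    // passwords containing &, <, > or quotes before they are compared.
    $user = $post['login'] ?? '';
    $pass = $post['passw'] ?? '';
    if (!is_string($user) || !is_string($pass) || $user === '' || $pass === '') {
        return false;
    }
    // 'submited', 'time' and 'browser' are sent by the client, so they prove
    // nothing about the client and are deliberately ignored.
    $known = array_key_exists($user, $accounts);
    $ok = password_verify($pass, $known ? $accounts[$user] : $dummyHash);
    return $known && $ok;
}

function start_admin_session(): void
{
    session_start();
    session_regenerate_id(true);    // fresh session id after login (session fixation)
    $_SESSION['logged_in'] = true;  // replaces session_register(), removed in PHP 5.4
    header('Location: ../admin/admin.php');
    exit;
}

// Constructed requests, run from the command line to show the outcome of each.
$requests = [
    'valid'          => ['login' => 'admin', 'passw' => 'correct horse battery'],
    'wrong password' => ['login' => 'admin', 'passw' => 'password'],
    'array input'    => ['login' => ['x'], 'passw' => 'password'],
    'forged extras'  => ['login' => 'root', 'passw' => 'x', 'submited' => 'yes', 'time' => time()],
];
foreach ($requests as $name => $post) {
    $result = verify_login($post, $accounts, $dummyHash) ? 'accepted' : 'denied';
    printf("%-15s %s\n", $name, $result);
}
```

In a real handler, start_admin_session() is called only when verify_login() returns true, and admin.php itself must check $_SESSION['logged_in'] before showing anything.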