When we use user logins on our website, we have to use a user login system. This is an easy way to make a nice login system using PHP.
Top comments (4)
With all due respect, this should not be on this website or published in any way anywhere, at least not without a big warning.
This code might reflect a simple login flow in PHP, but it's more the prime example of how to open the door to SQL injections and get hacked.
github.com/shamilkeheliya/web_logi...
There is no validation or sanitization of your $_POST fields. I recommend deleting this post so as not to encourage anyone to follow your example.
Check out this tutorial, which is slightly more secure since it uses prepared statements. codeshack.io/secure-login-system-p...
Thank You!!!!
Hi Shamil,
I know you are still learning to write better programs, so here are some of the big mistakes I saw in your project that I'd like to point out, which will help you write more robust programs next time.
1) You should never store passwords as plain text. You should always use a hashing algorithm. You may have heard of MD5, but it is outdated. So my recommendation is Bcrypt. PHP provides a default function called password_hash to hash the password using bcrypt with a random salt, and a password_verify function to verify it.
2) Your code is vulnerable to SQL injection. Always use prepared statements with binding params. Instead of mysqli, I recommend you use PDO because it is database agnostic. So next time use PDO with Prepared Statements.
3) I'd like to point out what Marcus said. Always do server-side validations on all the user inputs. Our intention is to prevent XSS attacks etc.
4) Your code is also vulnerable to CSRF attacks. Check this StackOverflow link to learn how to add a CSRF token in your codebase - stackoverflow.com/a/31683058/4677060
My final recommendation is that after you learn core PHP, you try to learn Laravel. This will help you to avoid all security problems and help you to find better jobs when you complete your college.
Thank You So Much!!!!!!!
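The hardening steps recommended in the comments above (password_hash/password_verify, PDO prepared statements with bound parameters, server-side input checks, and a CSRF token) combined into one added PHP example; it is not code from the original post or the linked repository. The in-memory SQLite database, the `users` table layout, the `register` and `login` function names, the length limits and the sample account are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for the site's real database.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');

// Registration: store only the bcrypt hash; password_hash generates the random salt.
function register(PDO $pdo, string $username, string $password): void
{
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => password_hash($password, PASSWORD_BCRYPT)]);
}

// Login: check the CSRF token, validate input, then query with bound parameters.
function login(PDO $pdo, array $post, string $sessionToken): bool
{
    $token = $post['csrf_token'] ?? '';
    if (!is_string($token) || !hash_equals($sessionToken, $token)) {
        return false; // missing or mismatched CSRF token
    }
    $username = $post['username'] ?? '';
    $password = $post['password'] ?? '';
    if (!is_string($username) || !is_string($password)
        || $username === '' || strlen($username) > 64
        || $password === '' || strlen($password) > 1024) {
        return false; // server-side validation failed
    }
    // The username is bound as data, so quotes in it cannot change the query.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn(); // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample account and requests.
register($pdo, 'alice', 'correct horse battery staple');
$csrf = bin2hex(random_bytes(32)); // in a real app this lives in $_SESSION

$valid   = ['username' => 'alice', 'password' => 'correct horse battery staple', 'csrf_token' => $csrf];
$quoted  = ['username' => "alice' OR '1'='1", 'password' => 'x', 'csrf_token' => $csrf];
$noToken = ['username' => 'alice', 'password' => 'correct horse battery staple'];

foreach (['valid' => $valid, 'quoted username' => $quoted, 'no token' => $noToken] as $name => $req) {
    echo $name, ': ', login($pdo, $req, $csrf) ? 'accepted' : 'rejected', PHP_EOL;
}
```

Values written into HTML still need output escaping with htmlspecialchars; input validation alone does not address the XSS concern raised in the comments.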