Secure Login - El Forum - 11-09-2009
[eluser]georgerobbo[/eluser]
Hello,
I would like to confirm whether this login form is secure (and provides protection against SQL injection). Thank you.
Code: <?php
class Login extends Controller {
function Login()
{
parent::Controller();
}
function index()
{
if(get_cookie('ip_session') == TRUE) { } else { $iptoken = array('name' => 'ip_session', 'value' => $this->input->ip_address(), 'expire' => '3600'); set_cookie($iptoken); }
if(get_cookie('lf_session') == TRUE) { redirect('welcome', 'refresh'); } else {
$data['title'] = "Login";
$this->load->helper('form');
$this->load->view('meta', $data);
$this->load->view('header', $data);
$this->load->view('login', $data);
$this->load->view('footer', $data);
}
}
function authenticate()
{
if(get_cookie('lf_session') == TRUE) { redirect('welcome', 'refresh'); } else {
$this->load->helper('form');
$this->load->library('encrypt');
$this->load->library('form_validation');
$this->form_validation->set_rules('u', 'Username', 'trim|required|xss_clean');
$this->form_validation->set_rules('p', 'Password', 'trim|required');
if($this->form_validation->run() == FALSE)
{
redirect('/login', 'refresh');
}
else
{
$identify = $this->input->post('u');
$identify = mysql_real_escape_string($identify);
$identify = trim($identify);
$identify = stripslashes($identify);
$verify = $this->Paramount->the_admin($identify);
foreach($verify as $a): $confirm = $a['Username']; $adjust = $a['Password']; endforeach;
if(isset($confirm)) {
$encrypt = $this->input->post('p');
$encrypt = mysql_real_escape_string($encrypt);
$encrypt = trim($encrypt);
$encrypt = stripslashes($encrypt);
$encrypt = $this->encrypt->sha1($encrypt);
if($adjust == $encrypt) {
$session = md5(uniqid(mt_rand(), true));
$securetoken = array('name' => 'lf_session', 'value' => $session, 'expire' => '7200');
set_cookie($securetoken);
redirect('/welcome', 'refresh');
}
else
{
redirect('/login', 'refresh');
}
}
else
{
redirect('/login', 'refresh');
}
}
}
}
}
/* End of file login.php */
/* Location: ./system/application/controllers/login.php */
Secure Login - El Forum - 11-09-2009
[eluser]skunkbad[/eluser]
There are many vulnerabilites in login scripts, and unless you do some research on authentication exploits, you are sure to create something that can be bypassed, hacked, etc.
One thing I see is that anyone who can modify a cookie, or fabricate a cookie that sets the variables to TRUE is logged in. You shouldn't be testing for TRUE. You should be testing for a unique ID, and some sort of token. What you choose as your token should be something unique to the client's machine, or possibly the browser.
You might take a look at my Community Auth, located in my signature. The Authentication class is where all the action happens, and it should give you some ideas.
|