• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Is this code secure enough

#1
[eluser]veledrom[/eluser]
Hi,

I use code below to authenticate user login. I have questions though.

Thanks in advance

1. Is it good and/or secure approach?
2. How can I make it harder to break into?
3. Should I store any other dynamic or static data in database to make it more secure?


<b>DATABASE</b>
Code:
CREATE TABLE `users` (
  `id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(20) NOT NULL,
  `password` varchar(40) NOT NULL COMMENT 'SHA1 encrypted password',
  PRIMARY KEY (`id`)
);

<b>CONFIG.PHP</b>
Code:
$config['encryption_key'] = "A1.b2,C3?D4_E5?";

<b>LOGIN PAGE</b>
Code:
&lt;form action="http://localhost/index.php/loginout/do_login" method="post"&gt;
Username : &lt;input type="text" name="text_username" value="" /&gt;
<br />
Password : &lt;input type="password" name="text_password" value="" /&gt;
<br />
&lt;input type="submit" name="submit_button" value="Login" /&gt;
&lt;/form&gt;

<b>CONTROLLER</b>
Code:
class Loginout extends CI_Controller {

public function __construct()
{
  parent::__construct();
}

public function hash_password($password)
{
  $salt  = $this->config->item('encryption_key');
  $hash  = sha1($salt . $password . $salt);
}

public function do_login()
{
  $username = $this->input->post('text_username', true);
  $password = $this->input->post('text_password', true);
  
  $this->db->where('username', $username);
  $this->db->where('password', this->hash_password($password));

  $query = $this->db->get('users', 1);  
  
  echo ($query->num_rows() == 1) ? 'SUCCESS' : 'FAIL';
}
}


Messages In This Thread
Is this code secure enough - by El Forum - 03-05-2012, 04:48 AM
Is this code secure enough - by El Forum - 03-05-2012, 09:05 AM
Is this code secure enough - by El Forum - 03-05-2012, 09:42 AM
Is this code secure enough - by El Forum - 03-06-2012, 01:31 AM
Is this code secure enough - by El Forum - 03-06-2012, 07:31 AM
Is this code secure enough - by El Forum - 03-06-2012, 08:47 AM
Is this code secure enough - by El Forum - 03-06-2012, 09:10 AM
Is this code secure enough - by El Forum - 03-07-2012, 05:12 AM
Is this code secure enough - by El Forum - 03-07-2012, 10:17 AM
Is this code secure enough - by El Forum - 03-07-2012, 12:31 PM

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.