Welcome Guest, Not a member yet? Register   Sign In
Secure Login
#1

[eluser]georgerobbo[/eluser]
Hello,

I would like to confirm whether this login form is secure (and provides protection against SQL injection). Thank you.


Code:
<?php

class Login extends Controller {

    function Login()
    {
        parent::Controller();    
    }
    
    function index()
    {
        if(get_cookie('ip_session') == TRUE) { } else { $iptoken = array('name' => 'ip_session', 'value' => $this->input->ip_address(), 'expire' => '3600'); set_cookie($iptoken); }
        if(get_cookie('lf_session') == TRUE) { redirect('welcome', 'refresh'); } else {
            
        $data['title'] = "Login";
        
        $this->load->helper('form');
        
        $this->load->view('meta', $data);
        $this->load->view('header', $data);
        $this->load->view('login', $data);
        $this->load->view('footer', $data);
    
        }
    }
    
    function authenticate()
    {
        if(get_cookie('lf_session') == TRUE) { redirect('welcome', 'refresh'); } else {
        
        $this->load->helper('form');
        $this->load->library('encrypt');
        $this->load->library('form_validation');
        
        $this->form_validation->set_rules('u', 'Username', 'trim|required|xss_clean');
        $this->form_validation->set_rules('p', 'Password', 'trim|required');
        
        if($this->form_validation->run() == FALSE)
        {
            redirect('/login', 'refresh');
        }
        else
        {
        $identify = $this->input->post('u');
        $identify = mysql_real_escape_string($identify);
        $identify = trim($identify);
        $identify = stripslashes($identify);
        
        $verify = $this->Paramount->the_admin($identify);
        
        foreach($verify as $a): $confirm = $a['Username']; $adjust = $a['Password']; endforeach;
        if(isset($confirm)) {
            $encrypt = $this->input->post('p');
            $encrypt = mysql_real_escape_string($encrypt);
            $encrypt = trim($encrypt);
            $encrypt = stripslashes($encrypt);
            $encrypt = $this->encrypt->sha1($encrypt);
            
            if($adjust == $encrypt) {                
                $session = md5(uniqid(mt_rand(), true));
                $securetoken = array('name' => 'lf_session', 'value' => $session, 'expire' => '7200');
                set_cookie($securetoken);    
                
                redirect('/welcome', 'refresh');
            }
            else
            {
                redirect('/login', 'refresh');
            }
        }
        else
        {
            redirect('/login', 'refresh');
        }
        
        }        
        }
    }
    
}

/* End of file login.php */
/* Location: ./system/application/controllers/login.php */
#2

[eluser]skunkbad[/eluser]
There are many vulnerabilites in login scripts, and unless you do some research on authentication exploits, you are sure to create something that can be bypassed, hacked, etc.

One thing I see is that anyone who can modify a cookie, or fabricate a cookie that sets the variables to TRUE is logged in. You shouldn't be testing for TRUE. You should be testing for a unique ID, and some sort of token. What you choose as your token should be something unique to the client's machine, or possibly the browser.

You might take a look at my Community Auth, located in my signature. The Authentication class is where all the action happens, and it should give you some ideas.




Theme © iAndrew 2016 - Forum software by © MyBB