Jeg har læst at det her script ikke er sikkert nok, hvordan forbedre jeg det:
her hentes dataet fra formen:
$username = &$HTTP_POST_VARS['username'];
$password = &$HTTP_POST_VARS['password'];
$autologin = &$HTTP_POST_VARS['autologin'];
Her logges der ind
$sql = mysql_query("select * from users where username='$username' and password='$password'");
$row_check = mysql_num_rows($sql);
if($row_check > 0){
$row_check = mysql_fetch_array($sql);
if($autologin == yes) {
setcookie("login","yes", time() + 99999999);
setcookie("username","$row_check[username]", time() + 99999999);
setcookie("password","$row_check[password]", time() + 99999999);
setcookie("id","$row_check[id]", time() + 99999999);
setcookie("adminlevel","$row_check[admin]", time() + 99999999);
if($row_check[admin] == yes) {
$id = $row_check[id];
$sql2 = mysql_query("select * from admins where id='$id'");
$row_admin = mysql_fetch_array($sql2);
setcookie("journalist","$row_admin[journalist]", time() + 99999999);
setcookie("moderator","$row_admin[moderator]", time() + 99999999);
setcookie("mobileadmin","$row_admin[mobileadmin]", time() + 99999999);
setcookie("admin","$row_admin[admin]", time() + 99999999);
setcookie("administrator","$row_admin[administrator]", time() + 99999999);
}
}
else {
setcookie("login","yes");
setcookie("username","$row_check[username]");
setcookie("password","$row_check[password]");
setcookie("id","$row_check[id]");
setcookie("adminlevel","$row_check[adminlevel]");
if($row_check[admin] == yes) {
$id = $row_check[id];
$sql2 = mysql_query("select * from admins where id='$id'");
$row_admin = mysql_fetch_array($sql2);
setcookie("journalist","$row_admin[journalist]");
setcookie("moderator","$row_admin[moderator]");
setcookie("mobileadmin","$row_admin[mobileadmin]");
setcookie("admin","$row_admin[admin]");
setcookie("administrator","$row_admin[administrator]");
}
}
Er det script her sikkert nok, eller skal det være med krypteret password? hvis ja, hvordan laves det, en der vil hjælpe ..