PHP and MySQL login routine security question?

May 18th, 2008 · 4 Comments

I found this account login code online:

<?php
require_once('connect.php');   // opens the mysql_* connection used below
$email = mysql_escape_string(trim(stripslashes($_…

if (!empty($email)) {
    // Looks the member up by email only; nothing else proves who is asking.
    $query = "SELECT username, password FROM members WHERE email = '$email'";
    $result = mysql_query($query);
    while ($row = mysql_fetch_object($result)) {
        $username = $row->username;
        $password = $row->password;
    }
    // Echoes the stored (plaintext) password back to whoever supplied the address.
    echo "Your username is $username";
    echo "Your password is $password";
}
else {
    echo "Please enter your email address!";
}

?>

My question is, isn't this very unsafe, since if a malicious user does a little digging and finds a user's email address, they can pretty much get their password? Or am I incorrect? I have a MySQL db and am trying to develop a secure PHP front end with user login. I haven't found any that use hashing algorithms.



    4 responses so far

    • 1 michael p // May 18, 2008

      Obviously it is, it is just an example. there is a lot more to doing this. Like maintaining the session with a cookie indicating the user is logged in etc… Also, you would have to do this over https because otherwise passwords would be sent in clear text. The database validation is not the hard part, it is session management.

      If you want to hash the pass, make it MD5 or SHA1. Both are built into PHP. But if you want to make it secure, you need some more PHP knowledge that I cannot provide in this space.

    • 2 Colanth // May 18, 2008

      Not only don't you *EVER* give out a password, you *never* store an unencrypted password. Databases can be broken into.

      Encrypt the password when the account is started (use MD5 - php makes that trivial) and store the ENCRYPTED password. Then, when the user logs in, encrypt the password and compare the ENCRYPTED password to the one stored.

      MD5 can't be decoded - it can be collided, but it's not worth the effort unless it's the password to Fort Knox, or something equally valuable. (You can keep trying passwords until the MD5 hash of the password you try is the same as the one in the database. At the rate of 1 per second, it could take centuries. And, as I said, it's trivial to MD5-hash a password in PHP. MD5 is an internal function.)

    • 3 two pi // May 18, 2008

      You're correct that this script is horribly non-secure, but I don't believe it's a login script at all. Instead, it's a script for returning a password for a person who has forgotten it.

      It's still a really bad idea, as you can see that there is no other feature in place to ensure the user is actually the user. That's why most such scripts also include some sort of personal question (mother's maiden name or the like), which is also stored in the database. You can then check to see if the password and answer relate to the same record before sending the account info back.

      Hashing is one easy way to improve security. Use the md5() or sha1() function to produce a scrambled version of the password when you first receive it from the user. Store this hashed version, so you don't have the password stored in plain text anywhere.

      When the user tries to authenticate, hash the input password with the same function used to store it, and compare the hashed input with the stored hash value.

      Hashing is a pretty good security measure for ordinary site passwords, but it is not strong enough for serious work. Look into more sophisticated techniques like public key encryption if you are working with really sensitive data.

      Note that the password is still transmitted in the clear, so a network sniffer could get ahold of it. For that, you'll need to run ssl. It isn't difficult to set up, but you may need cooperation from your server administrator.

      Good luck!
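Replies 2 and 3 both describe the same procedure: hash the password at signup, store only the hash, and at login hash the submitted password and compare. The following is an added example of that flow, not code from the question or from any of the replies. It uses PHP's built-in password_hash()/password_verify() (bcrypt with a per-user random salt) rather than the unsalted md5()/sha1() the replies mention, because a fast unsalted hash can be brute-forced or matched against precomputed tables far quicker than the "centuries" estimate above; it also binds the email as a prepared-statement parameter instead of interpolating it into the SQL as the question's code does. Assumptions: PHP 7.1 or later with the PDO SQLite driver; the in-memory "members" table (email, username, password_hash) and the user "alice" are constructed here so the script runs offline. Nothing in it ever sends a stored secret back to the requester, which is the core problem with the script in the question.

```php
<?php
// Added example, not code from the original question or its replies: a
// signup/login pair that stores only a password hash (password_hash(), bcrypt
// by default) and looks the member up with a prepared statement.
// Assumptions: PHP 7.1+ with the PDO SQLite driver; the "members" table and
// the user "alice" are constructed below so the script runs offline.
declare(strict_types=1);

function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE members (
                   id INTEGER PRIMARY KEY,
                   email TEXT NOT NULL UNIQUE,
                   username TEXT NOT NULL,
                   password_hash TEXT NOT NULL)');
    return $db;
}

// Signup: hash the password once and store only the hash. password_hash()
// picks a random salt and embeds it (with the algorithm and cost) in the
// returned string, so two users with the same password get different hashes.
function registerUser(PDO $db, string $email, string $username, string $password): void
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare(
        'INSERT INTO members (email, username, password_hash) VALUES (:email, :username, :hash)'
    );
    $stmt->execute([':email' => $email, ':username' => $username, ':hash' => $hash]);
}

// Login: the email is bound as a parameter, never interpolated into the SQL.
// password_verify() re-hashes the submitted password with the stored salt and
// compares in constant time. Returns the username on success, null otherwise;
// the caller is never told which of email/password was wrong.
function login(PDO $db, string $email, string $password): ?string
{
    static $dummyHash = null;
    if ($dummyHash === null) {
        // Used when the email is unknown, so a failed lookup costs about the
        // same time as a wrong password and does not reveal whether the email exists.
        $dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    }

    $stmt = $db->prepare('SELECT username, password_hash FROM members WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $storedHash = $row ? $row['password_hash'] : $dummyHash;
    if (!password_verify($password, $storedHash) || $row === false) {
        return null;
    }

    // Transparently upgrade old hashes when PHP's default cost/algorithm moves on.
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE members SET password_hash = :hash WHERE email = :email');
        $upd->execute([':hash' => password_hash($password, PASSWORD_DEFAULT), ':email' => $email]);
    }
    return $row['username'];
}

// Constructed demo data and a few login attempts.
$db = openDb();
registerUser($db, 'alice@example.com', 'alice', 'correct horse battery staple');

$attempts = [
    ['alice@example.com',  'correct horse battery staple'],
    ['alice@example.com',  'wrong password'],
    ['nobody@example.com', 'anything'],
];
foreach ($attempts as [$email, $password]) {
    $user = login($db, $email, $password);
    echo $email, ': ', ($user === null ? 'login rejected' : "logged in as $user"), PHP_EOL;
}
```

Run it with `php login_example.php`. For a real site the same two functions sit behind an HTTPS form and a session cookie issued only after login() returns a username; the "forgot password" case that the question's script was apparently written for should issue a time-limited reset token by email and let the user set a new password, since with a stored hash there is no plaintext to send back in the first place.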

    • 4 Jewish Boy // May 18, 2008

      Yes it is unsafe.
      What it should do is email the password to you.
