Security of a login form
dtbd1916
Post: #1
Security of a login form

I have the following login form:

<form action="procesare.php" method="post">

username:<input type="text" name="username"  maxlength="222" />

password:<input type="password" name="password" maxlength="222" />

<input type="submit" name="baga_mare" value="Baga mare!"  />

</form>

and the page procesare.php, which processes the form data:

<?php
// Compare the submitted credentials with the hard-coded ones
if ($_POST['username'] == 'username`ul_meu' && $_POST['password'] == 'parola_mea') {
    echo '<table>...</table>'; // some table
} else {
    echo 'Nu esti autorizat sa accesezi aceasta pagina web!!';
}
?>

I want to know whether I need to add anything else to the PHP code so that it has no security vulnerabilities. I'd like you to look at the code and tell me what bugs it has.

Thank you.



This post was last modified: 08-02-2008 03:20 AM by dtbd1916.

08-02-2008 03:19 AM
Agkelos
Post: #2
RE: Security of a login form

It's too small for anything to be exploitable :)

I see only one problem, namely the way you do the comparison. == is used only for numbers. If you have strings, I recommend strcmp() or the === operator. If you use ==, "1" == "1e0" will return true.


08-02-2008 07:48 PM
dtbd1916
Post: #3
RE: Security of a login form

Thanks. So instead of

if($_POST['username'] == 'username`ul_meu' && $_POST['password'] =='parola_mea')

I have to write

if($_POST['username'] === 'username`ul_meu' && $_POST['password'] === 'parola_mea')?


08-02-2008 07:53 PM
Agkelos
Post: #4
RE: Security of a login form

Exactly :)

Or, the more elegant version:

PHP Code:
if (strcmp($_POST['username'], 'user') == 0 && strcmp($_POST['password'], 'parola') == 0)


08-02-2008 09:14 PM
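
A hardened form of the check discussed in this thread, as an added example that is not any poster's code: it checks that both fields are strings, compares with hash_equals(), and verifies the password against a stored hash. The helper check_login() and the demo_user / demo_password account are hypothetical names constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample account for this example; not taken from the thread.
const DEMO_USER = 'demo_user';
const DEMO_PASSWORD = 'demo_password';

/**
 * Hypothetical helper: true only when both fields are present, are strings,
 * and match the expected username and the stored password hash.
 */
function check_login(array $post, string $expectedUser, string $passwordHash): bool
{
    $user = $post['username'] ?? null;
    $pass = $post['password'] ?? null;

    // Request fields are not guaranteed to be strings, so check the type
    // first instead of relying on PHP's type juggling.
    if (!is_string($user) || !is_string($pass)) {
        return false;
    }

    // hash_equals() is a timing-safe, byte-for-byte string comparison.
    $userOk = hash_equals($expectedUser, $user);
    // password_verify() checks against a stored hash, so the plaintext
    // password does not have to live in the source file.
    $passOk = password_verify($pass, $passwordHash);

    return $userOk && $passOk;
}

// A real site creates the hash once and stores it; it is computed here only
// to keep the example self-contained.
$hash = password_hash(DEMO_PASSWORD, PASSWORD_DEFAULT);

$cases = [
    'correct credentials' => ['username' => DEMO_USER, 'password' => DEMO_PASSWORD],
    'wrong password'      => ['username' => DEMO_USER, 'password' => 'guess'],
    'missing password'    => ['username' => DEMO_USER],
    'non-string password' => ['username' => DEMO_USER, 'password' => [DEMO_PASSWORD]],
];
foreach ($cases as $label => $post) {
    $result = check_login($post, DEMO_USER, $hash) ? 'accepted' : 'rejected';
    printf("%-20s %s\n", $label, $result);
}

// The pair from the thread under each comparison discussed there.
var_dump('1' == '1e0', '1' === '1e0', strcmp('1', '1e0') === 0, hash_equals('1', '1e0'));
```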