Security - Login system
Problem
For a school project I have been asked to create a login system for a website. The language I have to use is PHP with no database as of yet (for a later assignment). I'm just wondering if this code has any security flaws.
Here is my current code:
Navigation.php (note that this is to be included in another HTML document):
Index
Test
not-in-use
Username:
Password:
';
} else {
echo 'Welcome! ' . $_SESSION['user'] . '';
}
?>
Login.php
Solution
Here's my 2 cents as a Java "developer" with a little experience in C# and VBA.
Your security here largely depends on whether you send the password and username in clear text or encrypted. You should force HTTPS protocol for access to the page.
You might also want to show errors if the login is invalid:
$errors = ''; // initialize before appending messages with .=
$valid = true;
if(!isset($_POST['username']) || empty($_POST['username'])){
    $errors .= "Please enter a username.<br>";
    $valid = false;
}
if(!isset($_POST['password']) || empty($_POST['password'])){
    $errors .= "Please enter a password.<br>";
    $valid = false;
}
if($valid){
    // check for username and password compliance
}
Also, it would definitely be better to have the logout be handled in a different file than the login.
Context
StackExchange Code Review Q#46537, answer score: 2
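One way to combine the answer's suggestions (HTTPS enforcement, per-field error messages) with a credential check, as an added example that is not part of the original question or answer. SITE_HOST, the $users array, the demo credential and the /index.php target are assumptions; logout would live in its own file, as the answer recommends.

```php
<?php
// Added example (login.php). SITE_HOST, $users, /index.php and the demo credential
// are assumptions made for illustration; they are not from the original post.
const SITE_HOST = 'www.example.org';

// Refuse to handle credentials over plain HTTP. The redirect uses a configured host
// rather than the client-supplied Host header. Behind a TLS-terminating proxy,
// $_SERVER['HTTPS'] may be unset and the proxy's forwarded-proto header is checked instead.
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
    header('Location: https://' . SITE_HOST . '/login.php', true, 301);
    exit;
}

// Session cookie is sent only over HTTPS and is not readable from JavaScript.
session_set_cookie_params(['secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
session_start();

// No database yet: username => password hash. The hash is computed here only so the
// example is self-contained; store the output of password_hash(), never the plaintext.
$users = ['alice' => password_hash('constructed-demo-password', PASSWORD_DEFAULT)];

// Returns the authenticated username, or null with $errors filled in.
function check_login(array $post, array $users, string &$errors): ?string
{
    $username = is_string($post['username'] ?? null) ? trim($post['username']) : '';
    $password = is_string($post['password'] ?? null) ? $post['password'] : '';
    if ($username === '') {
        $errors .= 'Please enter a username.<br>';
    }
    if ($password === '') {
        $errors .= 'Please enter a password.<br>';
    }
    if ($errors !== '') {
        return null;
    }
    // Same message for unknown user and wrong password, so valid names are not revealed.
    if (!isset($users[$username]) || !password_verify($password, $users[$username])) {
        $errors .= 'Invalid username or password.<br>';
        return null;
    }
    return $username;
}

$errors = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $user = check_login($_POST, $users, $errors);
    if ($user !== null) {
        session_regenerate_id(true); // fresh session ID after login prevents fixation
        $_SESSION['user'] = $user;
        header('Location: /index.php');
        exit;
    }
}
echo $errors; // fixed strings only; escape any user data, e.g. htmlspecialchars($_SESSION['user'])
```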