My site

Discuss the many weaknesses of browser security and ways to mitigate the threat

My site

Post by dkrit1987 on Mon Apr 25, 2011 5:10 am
([msg=56672]see My site[/msg])

I was wondering if anyone could tell me if someone would be able to get through this easily, just seeing this code?
Or if there are any improvements I could use?

Code: Select all
<?php

if( isset( $_POST['username'] ) && isset( $_POST['password'] ) )
{
   session_start();
   require_once( '../main_includes/.htpasswd' );
   $login_query = "select * from auth where username='". mysql_real_escape_string( $_POST['username'] ) ."' and password=sha1('". mysql_real_escape_string( $_POST['password'] ) ."')";
   $login_result = mysql_query( $login_query )
      or die( 'Could not connect: '. mysql_error() );
   $num_results = mysql_num_rows( $login_result );
   if( $num_results>0 )
   {
      $row = @mysql_fetch_row( $login_result );
      if( ( $row[0] == 1 ) && ( $_POST['username'] == "admin2" ) )
         $_SESSION['admin'] = $row[0];
      else
         $_SESSION['idnum'] = $row[0];
      $numlogs = stripslashes( $row[8] ) + 1;
      $num_log_query = "update auth set num_logs='". $numlogs ."', last_login='". stripslashes( $row[7] ) ."', new_login='". time() ."', status=1 where idnum=". $row[0];
      $num_log_result = mysql_query( $num_log_query )
         or die( 'Could not connect: '. mysql_error() );
      $logname = $row[4].", ".$row[3];
      $log_query = "insert into user_activity_log values(". $row[0]. ",'". $logname ."','". time() ."','Logged into account','". $_SERVER['REMOTE_ADDR'] ."',NULL)";
      $log_result = mysql_query( $log_query )
         or die( 'Could not connect: '. mysql_error() );
      echo "<font color=\"#397D02\">Welcome ". $row[3] ." ". $row[4] ."</font><br /> <!-- user is logged in -->\n";
      
      if( isset( $_SESSION['admin'] ) )
         require_once( "../account/admin/_mylinks.php" );
      else
         require_once( "../account/_account_links.php" );
   }
   else
      echo "error";
}

?>


dkrit1987
New User
New User
 
Posts: 1
Joined: Mon Apr 25, 2011 5:02 am
Blog: View Blog (0)


Return to Web

Who is online

Users browsing this forum: No registered users and 0 guests