PHP login script

brad_tho asked on
PHP
I currently have the following code in login.php. Every page that I want users to be logged in for I simply include login.php. I've read discussion boards and I have a feeling that this code is not very secure. Can you please help me make this code more secure? Eventually I hope to partner this script with a MySQL database which will store the usernames and passwords. I also want to add different levels of users (i.e. not logged in, student level, teacher level, administrator level). Please help!


<?
session_start(); // start session.

?>
<html>
<head>
<title>Login</title>
</head>
<body>
<?
if(!isset($log_username) & !isset($log_password)) {
  ?>
  <form action="<?=$PHP_SELF?><?if($QUERY_STRING){ echo"?". $QUERY_STRING;}?>" method="POST">
  Members only. Please login to access this document.<br>
  Username: <input type="text" name="log_username"><br>
  Password: <input type="password" name="log_password"><br>
  <input type="submit" value="Login">
  </form>

  </body>
  </html>
  <?
  exit();
}


session_register("log_username");
session_register("log_password"); // register username and password as session variables.

if($log_username == "freddo_frogs" & $log_password == "are_yummy") {
  $valid_user = 1;
} else {
  $valid_user = 0;
}

// If the username exists and pass is correct, don't pop up the login code again.
// If info can't be found or verified....

if (!($valid_user))
{
  session_unset();   // Unset session variables.
  session_destroy(); // End Session we created earlier.

  ?>
  <form action="<?=$PHP_SELF?><?if($QUERY_STRING){ echo"?". $QUERY_STRING;}?>" method="POST">
  Incorrect login information, please try again. You must login to access this document.<br>
  Username: <input type="text" name="log_username"><br>
  Password: <input type="password" name="log_password"><br>
  <input type="submit" value="Login">
  </form>
  </body>
  </html>
  <?
  exit();
}
?>
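
A hardened variant of the login include above, as an added example that is not part of the original post or its answers: it reads credentials from `$_POST` instead of relying on register_globals, checks them with `password_verify()`, keeps only the user name and level in the session, and escapes the form action. The `$users` array, the `LEVELS` map, `check_login()`, `has_level()` and `$required_level` are assumptions made for illustration, and the account is constructed sample data.

```php
<?php
// Added example. A protected page may set $required_level (hypothetical) before including this.
const LEVELS = ['student' => 1, 'teacher' => 2, 'administrator' => 3];

// Constructed sample account; with MySQL the hash is a column written once at registration.
$users = [
    'freddo_frogs' => ['hash' => password_hash('are_yummy', PASSWORD_DEFAULT), 'level' => 'teacher'],
];

function check_login(array $users, string $name, string $password): ?string
{
    $hash = $users[$name]['hash'] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return null;
    }
    return $users[$name]['level'];
}

function has_level(?string $level, string $required): bool
{
    // Unknown level names on either side fail closed.
    return (LEVELS[$level ?? ''] ?? 0) >= (LEVELS[$required] ?? PHP_INT_MAX);
}

session_start();
$error = '';
$name = $_POST['log_username'] ?? null;   // read request data explicitly, not via register_globals
$pass = $_POST['log_password'] ?? null;
if (is_string($name) && is_string($pass)) {
    $level = check_login($users, $name, $pass);
    if ($level !== null) {
        session_regenerate_id(true);   // fresh session id on login (session fixation)
        $_SESSION['user'] = $name;     // keep identity and level, never the password
        $_SESSION['level'] = $level;
    } else {
        $error = 'Incorrect login information, please try again. ';
    }
}
if (!has_level($_SESSION['level'] ?? null, $required_level ?? 'student')) {
    // Escape the request URI before echoing it into the form action.
    $action = htmlspecialchars($_SERVER['REQUEST_URI'] ?? '', ENT_QUOTES, 'UTF-8');
    ?>
    <html><head><title>Login</title></head><body>
    <form action="<?= $action ?>" method="POST"><?= $error ?>
    Members only. Please login to access this document.<br>
    Username: <input type="text" name="log_username"><br>
    Password: <input type="password" name="log_password"><br>
    <input type="submit" value="Login"></form></body></html>
    <?php
    exit();
}
```

A page that needs a higher level sets, for example, `$required_level = 'teacher';` before the include; a logged-in student is then shown the login form again instead of the page.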
ASKER CERTIFIED SOLUTION
gemdeals395