Novice question: how to verify that a user is legitimate (authentication)

Source: Internet
Author: User
Hello everyone! I have recently started learning PHP. My login page works like this: if the account and password match the database, it sets session = user name.

Then each page checks whether the user is legitimate by including check.php.

The main idea of the code is that if the session is empty, it reports illegal access. But I found that the security is very poor. What are some good ideas and code?

The novice doesn't have much to be ashamed of


Reply to discussion (solution)

Session is a global variable, you can check any page to see if there is any value in the session

My original checka.php is written like this:
<?php
session_start();
// Treat an empty admin_name in the session as "not logged in"
if ($_SESSION[admin_name] == "") {
    echo "";
}
?>

But it doesn't feel safe. If someone illegally submits a form from outside and sets session == "arbitrary content", it can be executed. How should I change it?

$_SESSION["admin_name"] == "" and session == "" are not the same.

Please let us know your PHP version.

if ($_SESSION[admin_name] == "") {
should be written as
if (!isset($_SESSION['admin_name'])) {

The version is 5.4.3

I mistyped, it is 5.3.4

If someone illegally submits a form from outside and sets session == "arbitrary content", it can be executed
Are you imagining that, or is it actually true?

The code in my checka.php is as follows:
<?php
/*
Permission validation
2014-3-20
by Liu
*/
session_start();
// An empty username in the session means the visitor is not logged in
if ($_SESSION['username'] == "") {
    echo "";
}
?>

The login code is as follows:
<?php
/*
Verify login Information
2014-3-24
by Liu 1s
*/
session_start();
include_once 'connss.php';
if ($_POST['submit']) {
    $username = $_POST['username'];
    $userpasswd = $_POST['Userpass'];
    $answers = $_POST['answers'];
    $userpasswd = md5($userpasswd);
    // Escape the user-supplied name before it goes into the SQL string
    $sql = "SELECT * from user where username='" . mysql_real_escape_string($username) . "'";
    $query = mysql_query($sql);
    $row = mysql_fetch_array($query);
    if ($row['Answers'] == $answers) {
        if ($row['username'] == $username) {
            if ($row['userpasswd'] == $userpasswd) {
                // All three checks passed: mark the session as logged in
                $_SESSION['username'] = $username;
                echo "";
            }
            else {
                echo "";
            }
        }
        else {
            echo "";
        }
    }
    else {
        echo "";
    }
}
?>


I include checka.php at the top of each page.

Then I created a new PHP file that mimics an external form submission to add news. It starts with
session_start();
$_SESSION['username'] = "123";
and I found that it can be submitted successfully! Please help.

session_start();
$_SESSION['username'] = "123";
That is a PHP program, not a form, so it can be submitted!
Of course, if someone gets onto your server and modifies your program, that is another matter.

I just want to ask: is the checka.php I wrote unsafe? If it is not safe, how should I modify it? Thank you.

It should be safe.

Is there any other way of thinking?

Study!!!
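
A hardened variant of the checka.php guard discussed in this thread, as an added example that is not any poster's code: it tests the session with isset(), redirects with a header and stops the script, and issues a fresh session id at login. The file name auth.php, the LOGIN_URL value and the function names are assumptions; $_SESSION is stored on the server and selected by the visitor's session cookie, so a form posted from elsewhere cannot write to it.

```php
<?php
// auth.php: added example, not the thread author's code.
// Assumption: 'login.php' is a hypothetical login page URL.
const LOGIN_URL = 'login.php';

// Pure check, so it can be exercised without a live session.
function is_logged_in(array $session)
{
    // isset() avoids the undefined-index notice raised by == "";
    // the type and emptiness checks reject "" and non-string values.
    return isset($session['username'])
        && is_string($session['username'])
        && $session['username'] !== '';
}

// Call at the top of every protected page (replaces the echo-based check).
function require_login()
{
    if (session_id() === '') {
        session_start();
    }
    if (!is_logged_in($_SESSION)) {
        header('Location: ' . LOGIN_URL);
        exit; // stop here, otherwise the protected page below still runs
    }
}

// Call from the login script only after the password has been verified.
function mark_logged_in($username)
{
    if (session_id() === '') {
        session_start();
    }
    session_regenerate_id(true); // new session id, defeats session fixation
    $_SESSION['username'] = $username;
}
```

Each protected page would start with `require_once 'auth.php'; require_login();` before producing any output, because header() only works while no output has been sent.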
