So I’ve been trying to make secure PHP login / registration scripts and so far without any kind of password encryption I have this:
    if ($_POST) {
        // Redirect helpers: exit after each redirect, otherwise the script kept
        // running and still reached the INSERT after a validation failure.
        function GenericError()
        {
            echo '<script type="text/javascript">window.location.href="error.php"</script>';
            exit;
        }
        function CheckEmpty($param)
        {
            if ($param == "" || $param == null) {
                echo '<script type="text/javascript">window.location.href="empty.php"</script>';
                exit;
            }
            return $param; // the original returned nothing, so $username etc. were always null
        }
        function AllYourBase()
        {
            // mysql_* functions are deprecated since PHP 5.5 and removed in PHP 7.
            mysql_connect("MyHost", "MyUsername", "MyPassword") or die(mysql_error());
            mysql_select_db("MyDatabase") or die(mysql_error());
        }
        $username = CheckEmpty($_POST['username']);
        $first = CheckEmpty($_POST['fname']);
        $last = CheckEmpty($_POST['lname']);
        if ($_POST['password'] == $_POST['vpass']) {
            $password = $_POST['password'];
        } else {
            echo '<script type="text/javascript">window.location.href="pass.php"</script>';
            exit;
        }
        if ($_POST['email'] == $_POST['vemail']) {
            $email = $_POST['email'];
        } else {
            echo '<script type="text/javascript">window.location.href="email.php"</script>';
            exit;
        }
        AllYourBase();
        // mysql_query() takes no printf-style arguments: build the statement with
        // sprintf() first. The original also lacked the closing quote after the
        // fourth %s, so the query text itself was malformed.
        $sql = sprintf(
            "INSERT INTO Users (username, password, firstname, lastname, email) VALUES ('%s', '%s', '%s', '%s', '%s')",
            mysql_real_escape_string($username),
            mysql_real_escape_string($password),
            mysql_real_escape_string($first),
            mysql_real_escape_string($last),
            mysql_real_escape_string($email)
        );
        mysql_query($sql) or GenericError();
        echo '<script type="text/javascript">window.location.href="win.php"</script>';
    }
Does this seem right to you guys? Is there anything else I can do besides password encryption to make this more secure? Also, is there a better way to handle errors than making all these individual pages?
I don’t think this looks right, because I don’t think you should ever store passwords in your database. Especially when you ask such questions on Stack Overflow (I don’t even recommend myself to store passwords inside my database, although I did a lot of research on this topic, but I still don’t consider myself a security expert). I always recommend people to use OpenID (or Facebook Connect) instead. It is very simple to implement and secure. Most users already have an OpenID, for example a Google OpenID or Yahoo! OpenID. I have a demo available at my hosting provider (simple) at location http://westerveld.name/php-openid/. When you implement OpenID you don’t need to worry about authentication at all. I have this code available at github. You could just simply clone the code and get started => https://github.com/alfredwesterveld/php-openid
But if you really want to store passwords yourself I would advise you to look into phpass. It supports the most secure hashing method, OpenBSD-style Blowfish-based bcrypt, which is Moore’s law proof. I made a simple library wrapping phpass, also available at github, although I don’t advise you to use this => https://github.com/alfredwesterveld/php-auth
Also I would advise you to look into PDO to do safe/fast cross-database SQL.