The
Scripts, 3rd Party Apps, and Programming forum is more appropriate for coding issues. The Free Hosting forum is more for administrative issues.
Please use
PHP:
, [html] or [code] tags (as appropriate) to separate and format code.
[quote="itiquint, post: 891037"][php]$user=$_POST['user'];
[...]
$query="SELECT user From login where user='".$user."'";
[...]
$query="SELECT Id_user FROM login WHERE user='".$user."' and password='".$password."'";
[...]
$query_grant="SELECT tipo,cod_anag from login where user='".$user."'";
[/QUOTE]
The posted code is vulnerable to
SQL injection, which is a very serious
security risk. To fix this hole, switch from the outdated
mysql extension to
PDO and use
prepared statements.
Instead of the three separate SQL queries, perform one that fetches the necessary information (the password, tipo and cod_anag columns) and compare the hashes in PHP rather than SQL. Better still, use a
Data Access Layer (DAL) so the rest of the system isn't dependent on the storage & retrieval methods.
MD5 is considered broken by security professionals. No less than Bruce Schneier wrote back in 2008:
But -- come on, people -- no one should be using MD5 anymore.
Use a newer hashing function, such as whirlpool or something from the SHA2 family (SHA256, SHA512) or (better still) Blowfish (using
crypt()). Any of these hashing functions can in turn be the basis of a tunable
key derivation function (see also essellar and Callum's discussion on "
Create User Accounts"). Your password scheme is also vulnerable to
rainbow tables. Add
salt to fix this. Give each user a unique salt (a "
nonce") and store that in a column in table `login`.
To update your code without impacting existing users:
- Add a new column to your users table indicating which hash function was used. It could be a BOOLEAN value indicating that the p/w needs updating, or a string naming the hash function:
- `md5` BOOLEAN NOT NULL DEFAULT TRUE,
- `hash` VARCHAR(16) NOT NULL DEFAULT 'md5',
The latter option allows you to easily support whatever hashing functions are available on the host.
- Register new users using the newer hashing function.
- When a user logs in, check whether their password is hashed using MD5 or not. If it is, expire their password (this is a good chance to have users enter new passwords). Alternatively, if the validation succeeds, re-hash the password and update the database.
- If using the 1st column option, drop the column when there are no more MD5 hashed passwords (SELECT COUNT(*) FROM users WHERE `md5`=TRUE is 0)
<br/> (as it's being used),
<font> and the
align attribute are
presentational HTML. Moreover,
<font> is
obsolete and
align is completely absent in HTML5. Replace them with
semantic HTML and use CSS for styling. (Also, "
</br>" is invalid, as it's the close tag for a
<br>, which is forbidden to have a close tag.)
PHP:
<?phpsession_start();
$_SESSION['tipo']=1000;
$_SESSION['user']="";
?>
The missing space will prevent PHP from interpreting this block.
Upon successful login, you should
regenerate the session ID to prevent
session fixation. Chances are your authentication system also needs something to prevent
session hijacking, though that's trickier to do.
HTML:
<form id="form_index" action="esegui_login.php" method="post">
<section align="right">
This doesn't appear to be semantically correct.
<section> should mark a section of the document that would appear in an outline: e.g. a chapter, a tabbed page or a numbered section.
<fieldset> is more appropriate.
