Login Browser Security Issues

masterjake · Nov 8, 2007

My site is http://masterjake.co.nr/. For some reason, for people to login, they have to either have their privacy level on low or my site in their allow list. I put a tutorial on the login page on how to lower your security or allow my site but can someone help me with a login system that doesn't require low browser security. Thanks!

conker87 · Nov 9, 2007

What is the code that you're using to login? I can see it's php, but can you post the code?

masterjake · Nov 9, 2007

Login Browser Security Issues - The Code

I have a page called login.php with a form on it. The action of the form goes to a page called do_login.php?login=yes where everything takes place. This is the do_login code:

------------------------------------------------------------------------
<?php session_start(); ?>
<?php
$username=$_POST['username'];
$password=$_POST['password'];
$login=$_GET['login'];
if ($login=='yes') {
$con = mysql_connect('localhost','my_user_here','my_pass_here');
mysql_select_db('my_db_here');
$get = mysql_query("Select count(id) FROM users WHERE username='$username' AND password='$password'");
$result = mysql_result($get,0);

if ($result != 1) {

header ("Location: login_failed.php");
}else{

$_SESSION['username']=$username;
header ("Location: login_success.php");
}

}
?>
------------------------------------------------------------------------

mr kennedy · Nov 10, 2007

you have the php header at the wrong location

should be like this:
<?php

<?php session_start(); ?>
$username=$_POST['username'];
$password=$_POST['password'];
$login=$_GET['login'];
if ($login=='yes') {
$con = mysql_connect('localhost','my_user_here','my_pass_ here');
mysql_select_db('my_db_here');
$get = mysql_query("Select count(id) FROM users WHERE username='$username' AND password='$password'");
$result = mysql_result($get,0);

if ($result != 1) {

header ("Location: login_failed.php");
}else{

$_SESSION['username']=$username;
header ("Location: login_success.php");
}

}

?>

you should have the <?php before your php codes...

Slothie · Nov 10, 2007

There is nothing wrong with his php headers. He already does have <?php tags in case you haven't noticed and there is nothing wrong with multiple <?php ?>s.
Apart from relative URL's in the header bits I can't see much that's wrong.

masterjake · Nov 10, 2007

Yeah theres nothing wrong with multiples, that code you posted didn't really work. Thanks for your help though. Browser security on medium protects people from logging into sites with content that is able to be dangerous to them i guess. Is it because my database stores their ip when they register? Is that why the can't login because it retrieves that from the database somehow?

Slothie · Nov 10, 2007

No, database logging is fine, in fact most systems use databases to store member information.

masterjake · Nov 11, 2007

Yeah I like the my database. I just don't understand. Every browser will allow people to login fine except Internet Explorer. On it, you have to lower your security or add me to your allow list. I just don't get why that happens.

Thewinator · Nov 11, 2007

You could try echoing a meta redirect if the header information is the problem like this:

PHP:

if ($result != 1) 
{
    echo '<meta http-equiv="refresh" content="0;URL=login_failed.php" />';
}
else
{
    $_SESSION['username']=$username;
    echo '<meta http-equiv="refresh" content="0;URL=login_success.php" />';
}

But I don't think any of this should mater, becouse this is a server side script and has nothing to do with the clients security level.

Login Browser Security Issues

masterjake

New Member

conker87

New Member

masterjake

New Member

mr kennedy

Member

Slothie

New Member

masterjake

New Member

Slothie

New Member

masterjake

New Member

Thewinator

New Member

Free Web Hosting

Our Community

Legal