
What's secure?


yoshida


I know I did a topic on login scripts already, but don't want to compare to 'my way' anymore so everyone can speak freely of what's 'most secure'.

In short: I've made an index.php with content manager, and (obviously) don't want 'just anyone' to use it. So I made a login script which relies on the mysql database and a session, to unlock certain features.

What's one thing you ALWAYS would like to see in ANY login script, to be certain you're safe? I'd really like to put my best effort into this because the content manager is very easy to use (which is also a downside for security reasons).

So... some code or linkage please :) thnx


There are many PHP security tutorials on the net, more or less complete, but I think a topic regarding PHP is not at all a bad idea, especially because many of the w3schools users are beginners, and making insecure sites can become a bad habit...

Security doesn't involve securing only a login system, but the whole site. Even a simple contact form can cause problems in certain situations.

Some things to consider:

- Never trust the user input, so filter the GPC variables (GET, POST, COOKIE) as much as you can, for example check the e-mail addresses, or if you expect a variable to be an integer, use $var=(int)$_GET['var']; or check it with is_integer().
- Escape output, htmlentities() for output to the screen and mysql_real_escape_string() for databases (this probably would be enough for most SQL injection problems).
- Store sensitive documents outside the web root folder, allowing users to access them only through your site.
- Use sessions for private data (propagated through cookies).
- Store hashed passwords in the databases (this is also to respect your visitor's privacy, you don't need to know what his password is, probably it's the same as for his e-mail account).
- In the case of CMSs, where only a few persons will know the password for the admin area and it will not change often, the password might be stored right in the login script (ex: $user = "admin"; $pass="mypassword"; if($_POST['username']==$user && $_POST['password']==$pass) .... ).
- Never use files with .inc extension to include in your scripts, unless you configure the web server to parse the .inc files (not only .php files). Use names like inc.sql.php or config.inc.php etc.

And so on...

A link: http://phpsec.org/projects/


Those are good points, but I have something to say about this one:

- Never trust the user input, so filter the GPC variables (GET, POST, COOKIE) as much as you can, for example check the e-mail addresses, or if you expect a variable to be an integer, use $var=(int)$_GET['var']; or check it with is_integer().

It's true that you should never trust user input; the "error" I've seen the most on here is people putting GPC data directly into a SQL query or something like that. One thing though: all information that you get in GET or POST is going to be string data, there are no integers or floats or booleans or anything in GET or POST. So, is_integer will always return false because it checks for type as well. In order to check for a numeric string, such as "0", "1.234", or whatever, you can use is_numeric instead.
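
The checks discussed in the posts above, run side by side on constructed request values. This is an added example, not code from any poster in the thread; get_int_param() is a hypothetical helper, and using filter_var() with FILTER_VALIDATE_INT is an assumption of this example that goes beyond what the posts mention.

```php
<?php
// Constructed sample values standing in for what could arrive in $_GET['var'].
$samples = ['42', '-7', '0', ' 42', '1.234', '1e3', '42abc', 'abc', ''];

/**
 * Hypothetical helper: return an integer >= $min from a request array,
 * or null when the parameter is missing or is not a plain integer string.
 */
function get_int_param(array $request, string $key, int $min = 1): ?int
{
    // Request parameters can also be arrays (?var[]=1); accept strings only.
    if (!isset($request[$key]) || !is_string($request[$key])) {
        return null;
    }
    $value = filter_var(
        $request[$key],
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min]]
    );
    // filter_var() signals failure with false; compare strictly so that a
    // valid integer 0 (when $min allows it) is not mistaken for failure.
    return $value === false ? null : $value;
}

printf("%-9s %-7s %-11s %-6s %s\n",
    'input', 'is_int', 'is_numeric', '(int)', 'get_int_param');

foreach ($samples as $raw) {
    $request = ['var' => $raw]; // constructed stand-in for $_GET
    printf("%-9s %-7s %-11s %-6d %s\n",
        var_export($raw, true),
        var_export(is_int($raw), true),     // type check: request data is a string
        var_export(is_numeric($raw), true), // also accepts floats and exponents
        (int)$raw,                          // a cast never fails, it coerces
        var_export(get_int_param($request, 'var'), true)
    );
}

// An array parameter is rejected by the helper instead of being cast.
var_dump(get_int_param(['var' => ['1']], 'var'));
```

The table it prints shows where the three approaches disagree: the type check, the numeric-string check, and the silent cast each treat inputs such as "1e3" or "42abc" differently from a strict integer validation.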