Part 1. Creating a simple login with php and html.

An introduction to web programming.



I decided to write this for people who are curious about programming and how the internet and computers are structured, and for keen computer enthusiasts. Comments would be much appreciated.


---Login.html---
First off we look at the form part of the html, which looks like this:

<form action="data.php" method="post">
Username: <br />
<input name="username" type="text"> <br />
Password: <br />
<input name="pass" type="password"> <br />
<input type="submit" value="Login"> <br />
</form>


Now I shall go through what the form does part by part.

<form action="data.php" method="post">

The form action tells the browser that the data from the form is going to be sent to data.php for processing. The method tells the form how to send it. This could be either GET or POST; preferably use POST, because it is safer for a login: the username and password travel in the request body instead of being appended to the URL, where GET would leave them in the address bar, browser history and server logs. POST does not encrypt anything, though; for that the page has to be served over HTTPS.

<input name="username" type="text"> <br />

Tells the input box for the username to send its data under the name username, which is the name you need to grab later on in the php. The type is text because you want to be able to read your username after typing it in.

<input name="pass" type="password"> <br />

Tells the second input box that, when the form is submitted, its data shall be named pass. The type is set to password so that anyone around you while you are logging in or registering cannot see the password, because the characters you type are replaced with a *.

<input type="submit" value="Login"> <br />

This is the piece of the form that creates the submit button. The type of input is set to submit, and the value sets the text displayed on the button to 'Login'.

</form>

Not forgetting to close off the form.

---data.php---

I shall do the same as I did with Login.html, writing the script and then explaining the code piece by piece:


<?php
// Read the two fields sent by the form in Login.html
$user = $_POST['username'];
$pass = $_POST['pass'];
// Both comparisons use ==; a single = would assign instead of compare
if ($user == "Tiberius" && $pass == "1337p4ss"){
    header ('Location:http://site.com/admin/');
}else{
    print "<h1>Error Unauthorised login</h1>";
}
?>

The <?php tells the server to start processing the php.

$user = $_POST['username'];

Receives the data that the html sent in the username part of the form, which you set with <input name="username", and puts it into the php variable called user. You can tell it's a variable because it has $ at the start of it.

$pass = $_POST['pass'];

Once again you get the value that was sent from the <input name="pass" part of the html form, stored in the variable with the name pass.

if ($user == "Tiberius" && $pass == "1337p4ss"){

This part checks whether the data in the variable user that was sent from the html is the same as the string Tiberius, and whether the password sent from the html form is the same as the string 1337p4ss. Both comparisons need the double ==; a single = would assign the string to $pass instead of comparing it, and any password would then be accepted for that username. Because the line starts with if, the code inside the { } is only executed when the condition is true.

header ('Location:http://site.com/admin/');

The header function is included in php and sends a raw HTTP header; a Location header redirects the browser to another page or site. So in this case, if the username and the pass are what they should be, redirect to the admin part of the site.

}else{

This part closes the block that runs when the condition is true and opens the one that runs when it is false: whatever is inside the second { } is executed instead.

print "<h1>Error Unauthorised login</h1>";

So if the username and password are not as they should be, print <h1>Error Unauthorised login</h1> to the screen.

?>

This tells php that the code has ended. If there are no syntax errors the script will run, but that does not mean it is correct: code can run and still contain what is called a bug somewhere. Don't kid yourself, you will come across bugs and errors in your code, or you could leave out a ; (please note that the ; at the end of the lines in the php tells php that the command or function call has ended).

Don't forget to leave your comments. I think part 2 will be about securing it with sessions; then, if all is successful and I get lots of replies, I will start with MySQL and preventing some methods of MySQL injection. ;)
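
A hardened version of data.php, added here as an example (it is not the article author's code): it checks the password against a stored hash instead of a plaintext string and sets a session value that pages under /admin/ can test, which is the gap the first comments below point out. The checkLogin helper, the ADMIN_USER constant and the 'user' session key are assumptions made for the example.

```php
<?php
// data.php, hardened variant (added example; helper and key names are assumptions).
declare(strict_types=1);

session_start();

// Constructed sample account. In a real site the hash is created once with
// password_hash() and stored; the plaintext never appears in the script.
const ADMIN_USER = 'Tiberius';
$adminHash = password_hash('1337p4ss', PASSWORD_DEFAULT); // demo only

function checkLogin(array $post, string $expectedUser, string $hash): bool
{
    // Reject missing or non-string fields (username[]=x arrives as an array).
    $user = $post['username'] ?? null;
    $pass = $post['pass'] ?? null;
    if (!is_string($user) || !is_string($pass)) {
        return false;
    }
    // Run both checks every time, so a wrong username is not answered faster.
    $userOk = hash_equals($expectedUser, $user);
    $passOk = password_verify($pass, $hash);
    return $userOk && $passOk;
}

$isPost = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';

if ($isPost && checkLogin($_POST, ADMIN_USER, $adminHash)) {
    session_regenerate_id(true);     // fresh session id once logged in
    $_SESSION['user'] = ADMIN_USER;  // the value the admin pages test for
    header('Location: /admin/');
    exit;                            // header() alone does not stop the script
}

http_response_code(401);
print '<h1>Error Unauthorised login</h1>';
```

Each page under /admin/ then starts with session_start() and refuses the request when $_SESSION['user'] is not set, so knowing the folder name is no longer enough to get in.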

Comments

lesserlightsofheaven on April 26 2007 - 23:02:20
lookin' good. :)
magnetosphere on April 27 2007 - 01:13:26
Nice script, and well done on explaining how the code works
Arto_8000 on April 27 2007 - 03:30:25
How can that be secured? Anyone could guess the admin folder is named admin and just type it and get in. You should consider adding a session to be sure your user is logged in when they view the admin script.
"This could be either GET or POST, preferably use the POST because it is a lot safer to use in your scripts."
It doesn't prevent much if the "hacker" doesn't have physical access to your computer; what really makes a difference is if you use SSL. It isn't a lot safer, it's cleaner and a little bit more safe. I rate Average.
kaksii on April 27 2007 - 07:28:48
Arto, it is for beginners. People that are learning should make it more secure. Cookies, sessions.... Anyway, I am new in php and that is what I need. I will modify it for myself in order to be more secure. Well, nice and simple article if you ask me. :happy:
RedDragon on April 27 2007 - 14:28:00
Very good article. I am, like kaksii, new to php, and this is a great place to start.
The Flash on April 27 2007 - 15:40:31
Great article. I could have done with this when I started!
djdotti on April 27 2007 - 15:54:22
Nice script, will be better with sql tho
system_meltdown on April 27 2007 - 17:50:06
@Arto, how do you know the /admin folder doesn't have a security check to see if the user is auth'd? ;)
lukem_95 on April 28 2007 - 14:11:34
@Arto, POST isn't that secure either, any half-arsed coder can make something spoof a post with a fake referer, and ever heard of TamperData for Firefox? I'm sure a lot of people will benefit from this article. Good job.
02nwood on April 28 2007 - 14:50:01
Yeah, I am busy on a second article about sessions and other stuff on security. I only meant this to help the total noobs. It's a very first insight into html and php and using the php to read what has been sent by the html. Yes, I will be parsing input and stuff in later articles if I get lots of replies on them.
02nwood on April 28 2007 - 16:37:21
By the way, congratulations on the admin finally discovering that I had made a little bat program called Hit_Booster.bat which had inside it this code: @echo off :loop start http://hellboundhackers.org/articles/articlecomments.php?article_id=678 goto loop Easy eh. Some sort of bug or something.
SwiftNomad on April 29 2007 - 02:58:03
nice article. keep it up.