[FX.php List] Password encryption and PHP security

Vision Computer Consulting info at visioncomputerconsulting.com
Tue Nov 13 15:37:24 MST 2007


There is a good PHP encrypt/decrypt function here:

http://www.phpbuilder.com/board/showthread.php?t=10326721


On Nov 13, 2007, at 1:54 PM, Lindal, Mark wrote:

> Our IT people have shut down our FileMaker database and Bookstore.
>
> There were two issues:
> 1. The server started trying to access remote devices and sites
> 2. They are concerned about the PHP security, in particular the
> non-encryption of passwords.
> My form is:
> <form action="loginok_e.php" method="post" name="login_e">
>     <input type="hidden" name="action" value="current">
>     <input type="hidden" name="lastpage" value="<? echo $referpage;?>">
>     <input type="hidden" name="flag" value="login_e">
>     <!-- This may come in handy if we want to avoid sending a person to a change page.-->
>     <table width="396" border="0" cellspacing="2" cellpadding="0">
>         <tr>
>             <td width="95">UserID:</td>
>             <td width="10"></td>
>             <td width="200"><input type="text" name="userid" value="<? if($CustomerNumber!=0) {echo $customerdata['userid'][0];}?>" size="30"></td>
>             <td class="button2" rowspan="2" width="100"><input type="submit" name="login" value="Login"></td>
>         </tr>
>         <tr>
>             <td width="95">Password:</td>
>             <td width="10"></td>
>             <td width="200"><input type="password" name="Password" size="30"></td>
>         </tr>
>     </table>
>     <input onclick="location.href='login_e.php?action=new'" type="button" name="new" value="New Customer">
>     <input onclick="location.href='getuserid_e.php'" type="button" name="new" value="Forgot my userID or Password">
> </form>
>
> When receiving the login form I do the following:
> if(isset($_POST['userid'])) {$CustomerID = $_POST['userid']; } else {$CustomerID='';}
> if(isset($_POST['Password'])) {$Password = $_POST['Password']; } else {$Password='';}
>
> if($CustomerID=='' or $Password=='') {header("Location: $error1url"); exit;}
>
> if($CustomerID!='' && $Password!='') {
>         $viewcustomer=new FX($serverIP,$webCompanionPort);
>         $viewcustomer->SetDBPassword($db_password);
>         $viewcustomer->SetDBData('PUB_WebClient_.fp5','ForWeb');
>         $viewcustomer->AddDBParam('userid',$CustomerID, 'eq');
>         $viewcustomer->AddDbParam('Password',$Password, 'eq');
>         $viewcustomerResult=$viewcustomer->FMFind();
>         } else {
>         header( "Location: $error1url" );
>         exit ;}
>     if($viewcustomerResult['errorCode']!=0) {
>         header( "Location: $error1url" );
>         exit ;}
>
> Any ideas?
>
> ------------------------------
> Mark Lindal
> mlindal at nrcan.gc.ca
> 250-363-0603
>
>
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
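
An added example, not part of either message and not FX.php code: it stores a salted one-way hash in place of the password and verifies it in PHP, so the submitted password is never used as a find criterion or kept in readable form. It assumes PHP 7 or later and a hypothetical `PasswordHash` field; the `$customers` array and the `cust1001` account are constructed stand-ins for a lookup by `userid` alone.

```php
<?php
// Added example. Assumptions: PHP 7+, and a hypothetical "PasswordHash"
// field holding the output of password_hash() instead of the password.

// Constructed sample data standing in for the customer table. In the setup
// described in the thread, this lookup would be a find on 'userid' only.
$customers = array(
    'cust1001' => array(
        'PasswordHash' => password_hash('correct horse', PASSWORD_DEFAULT),
    ),
);

function lookup_hash(array $customers, $userid)
{
    return isset($customers[$userid]) ? $customers[$userid]['PasswordHash'] : null;
}

function check_login(array &$customers, $userid, $password)
{
    // Hash of a throwaway value: unknown user IDs then cost the same work
    // as known ones, so response time does not reveal which IDs exist.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    }

    // $_POST values can arrive as arrays; accept non-empty strings only.
    if (!is_string($userid) || !is_string($password)
        || $userid === '' || $password === '') {
        return false;
    }

    $stored = lookup_hash($customers, $userid);
    $ok = password_verify($password, $stored !== null ? $stored : $dummy);
    if ($stored === null || !$ok) {
        return false;
    }

    // Re-hash on successful login when PHP's default algorithm or cost changes.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $customers[$userid]['PasswordHash'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

var_dump(check_login($customers, 'cust1001', 'correct horse'));
var_dump(check_login($customers, 'cust1001', 'wrong guess'));
var_dump(check_login($customers, 'nobody', 'correct horse'));
```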
