[FX.php List] Password encryption and PHP security
Bob Patin
bob at patin.com
Tue Nov 13 15:21:32 MST 2007
Mark,
Why didn't you just put an SSL cert on the submission form? That would
encrypt the form and is easy enough to do...
Bob Patin
Longterm Solutions
bob at longtermsolutions.com
615-333-6858
http://www.longtermsolutions.com
Member of FileMaker Business Alliance and FileMaker TechNet
On Nov 13, 2007, at 3:54 PM, Lindal, Mark wrote:
> Our IT people have shut down our FileMaker database and Bookstore.
>
> There were two issues:
> 1. The server started trying to access remote devices and sites
> 2. They are concerned about the PHP security, in particular the
> non-encryption of passwords.
> My form is:
> <form action="loginok_e.php" method="post" name="login_e">
>   <input type="hidden" name="action" value="current">
>   <input type="hidden" name="lastpage" value="<? echo $referpage;?>">
>   <input type="hidden" name="flag" value="login_e">
>   <!-- This may come in handy if we want to avoid sending a person to a change page.-->
>   <table width="396" border="0" cellspacing="2" cellpadding="0">
>     <tr>
>       <td width="95">UserID:</td>
>       <td width="10"></td>
>       <td width="200"><input type="text" name="userid" value="<? if($CustomerNumber!=0) {echo $customerdata['userid'][0];}?>" size="30"></td>
>       <td class="button2" rowspan="2" width="100"><input type="submit" name="login" value="Login"></td>
>     </tr>
>     <tr>
>       <td width="95">Password:</td>
>       <td width="10"></td>
>       <td width="200"><input type="password" name="Password" size="30"></td>
>     </tr>
>   </table>
>   <input onclick="location.href='login_e.php?action=new'" type="button" name="new" value="New Customer">
>   <input onclick="location.href='getuserid_e.php'" type="button" name="new" value="Forgot my userID or Password">
> </form>
>
> When receiving the login form I do the following:
> if(isset($_POST['userid'])) {$CustomerID = $_POST['userid']; } else {$CustomerID='';}
> if(isset($_POST['Password'])) {$Password = $_POST['Password']; } else {$Password='';}
>
> if($CustomerID=='' or $Password=='') {header("Location: $error1url"); exit;}
>
> if($CustomerID!='' && $Password!='') {
>     $viewcustomer=new FX($serverIP,$webCompanionPort);
>     $viewcustomer->SetDBPassword($db_password);
>     $viewcustomer->SetDBData('PUB_WebClient_.fp5','ForWeb');
>     $viewcustomer->AddDBParam('userid',$CustomerID, 'eq');
>     $viewcustomer->AddDbParam('Password',$Password, 'eq');
>     $viewcustomerResult=$viewcustomer->FMFind();
> } else {
>     header( "Location: $error1url" );
>     exit;
> }
> if($viewcustomerResult['errorCode']!=0) {
>     header( "Location: $error1url" );
>     exit;
> }
>
> Any ideas?
>
> ------------------------------
> Mark Lindal
> mlindal at nrcan.gc.ca
> 250-363-0603
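
The SSL certificate suggested above protects the password in transit; the quoted handler also passes the submitted password to FileMaker as a find criterion, which only works if the field holds the password as typed. The following PHP is an added example, not code from the thread or from FX.php: it refuses logins that did not arrive over HTTPS and verifies the password against a stored hash. The `PasswordHash` field, the `find_customer()` stand-in for the FX find, and the sample record are assumptions; it needs PHP 7.1 or later.

```php
<?php
// Added example, not code from the thread. The 'PasswordHash' field,
// find_customer() and the sample record are assumptions for illustration.
// Computed once so unknown users still cost one hash verification.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

// True when the request arrived over TLS (the SSL certificate suggested above).
function request_is_https(array $server): bool {
    return !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
}

// Stand-in for the FX find: look up by userid only (the quoted query without
// the 'Password' parameter), so the password is never a search criterion.
function find_customer(array $records, string $userid): ?array {
    foreach ($records as $rec) {
        if ($rec['userid'][0] === $userid) {
            return $rec;
        }
    }
    return null;
}

// Returns 'ok', 'error' or 'insecure-transport'.
function check_login(array $server, array $post, array $records): string {
    if (!request_is_https($server)) {
        return 'insecure-transport';
    }
    $userid   = is_string($post['userid'] ?? null) ? $post['userid'] : '';
    $password = is_string($post['Password'] ?? null) ? $post['Password'] : '';
    if ($userid === '' || $password === '') {
        return 'error';
    }
    $rec  = find_customer($records, $userid);
    $hash = $rec !== null ? $rec['PasswordHash'][0] : DUMMY_HASH;
    $ok   = password_verify($password, $hash);   // constant-time comparison
    return ($rec !== null && $ok) ? 'ok' : 'error';
}

// Constructed sample record; field values are arrays, as in the quoted
// $customerdata['userid'][0].
$records = [[
    'userid'       => ['demo-user'],
    'PasswordHash' => [password_hash('correct horse', PASSWORD_DEFAULT)],
]];
$good = ['userid' => 'demo-user', 'Password' => 'correct horse'];
$bad  = ['userid' => 'demo-user', 'Password' => 'guess'];
echo check_login(['HTTPS' => 'on'], $good, $records), "\n";
echo check_login(['HTTPS' => 'on'], $bad, $records), "\n";
echo check_login([], $good, $records), "\n";
```

Existing accounts would need their stored passwords replaced by `password_hash()` output before a handler like this could be used.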