[FX.php List] Password encryption and PHP security

Dale Bengston dbengston at preservationstudio.com
Tue Nov 13 15:44:10 MST 2007 

What platform are you running on? What ports are open on the server?

Dale

On Nov 13, 2007, at 3:54 PM, Lindal, Mark wrote:

> Our IT people have shut down our filemaker database and Bookstore.
>
> There were two issues:
> 1. The server started trying to access remote devices and sites
> 2. They are concerned about the PHP security, in particular the
> non-encryption of passwords.
> My form is:
> <form action="loginok_e.php" method="post" name="login_e">
>                            <input type="hidden" name="action"
> value="current"> <input type="hidden" name="lastpage" value="<? echo
> $referpage;?>"> <input type="hidden" name="flag" value="login_e">  
> <!-- This
> may come in handy if we want to avoid sending a person to a change  
> page.-->
>                            <table width="396" border="0"  
> cellspacing="2"
> cellpadding="0">
>                                <tr>
>                                    <td width="95">UserID:</td>
>                                    <td width="10"></td>
>                                    <td width="200"><input type="text"
> name="userid" value="<? if($CustomerNumber!=0) {echo
> $customerdata['userid'][0];}?>" size="30"></td>
>                                    <td class="button2" rowspan="2"
> width="100"><input type="submit" name="login" value="Login"></td>
>                                </tr>
>                                <tr>
>                                    <td width="95">Password:</td>
>                                    <td width="10"></td>
>                                    <td width="200"><input  
> type="password"
> name="Password" size="30"></td>
>                                </tr>
>                            </table>
>                            <input
> onclick="location.href='login_e.php?action=new'" type="button"  
> name="new"
> value="New Customer"> <input onclick="location.href='getuserid_e.php'"
> type="button" name="new" value="Forgot my userID or Password">
>                        </form>
>
> When receiving the login form I do the following:
> if(isset($_POST['userid'])) {$CustomerID = $_POST['userid']; } else
> {$CustomerID='';}
> if(isset($_POST['Password'])) {$Password = $_POST['Password']; } else
> {$Password='';}
>
> if($CustomerID=='' or $Password=='') {header("Location:  
> $error1url"); exit;}
>
> if($CustomerID!='' && $Password!='') {
>        $viewcustomer=new FX($serverIP,$webCompanionPort);
>        $viewcustomer->SetDBPassword($db_password);
>        $viewcustomer->SetDBData('PUB_WebClient_.fp5','ForWeb');
>        $viewcustomer->AddDBParam('userid',$CustomerID, 'eq');
>        $viewcustomer->AddDbParam('Password',$Password, 'eq');
>        $viewcustomerResult=$viewcustomer->FMFind();
>        } else {
>        header( "Location: $error1url" );
>        exit ;}
>    if($viewcustomerResult['errorCode']!=0) {
>        header( "Location: $error1url" );
>        exit ;}
>
> Any ideas?
>
> ------------------------------
> Mark Lindal
> mlindal at nrcan.gc.ca
> 250-363-0603
>
>
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list

More information about the FX.php_List mailing list