โดย unknowszaa » 15/05/2009 2:20 pm
code ตามนี้นะครับ ช่วยดูน่อยครับว่าปลอดภัยไหม - -"
code formlogin
session_start();
if (isset($_COOKIE["user_remember"]) and isset($_COOKIE["pass_remember"]) )
{
login_cookie();
}
elseif( $_SESSION[user_id]==session_id or $_SESSION[username]!="" )
{
login_session();
}
else
{
form_login();
}
function login_cookie()
{
$username=$_COOKIE["user_remember"];
$password=$_COOKIE["pass_remember"];
echo" <font size=4 color='orange'><b><u>R</u></b></font><font size=2 color='gray'>egister </font><font size=3 color='orange'><b><u>M</u></b></font><font size=2 color='gray'>ember</font><br>";
echo " <font color='white' face='JasmineUPC' >Welcome back ...<br>
Account :</font><font color='green'> $username</font> <font color='white' size=2><br> </font>";
include "user_online.php";
echo "<br> <img src='images/arrow1.gif'> <a href='change_pass.php' >change password</a>";
echo "<br> <font size=2><a href='logout_to_index.php'> Logout </a></font><br>";
}
function login_session()
{
if($_SESSION[user_id]==session_id or $_SESSION[username]!="")
{
$username=$_SESSION[username];
echo" <font size=4 color='orange'><b><u>R</u></b></font><font size=2 color='gray'>egister </font><font size=3 color='orange'><b><u>M</u></b></font><font size=2 color='gray'>ember</font><br>";
echo " <font color='white' face='JasmineUPC' >Welcome back ...<br>
Account :</font><font color='green'> $username</font> <font color='white' size=2><br> </font>";
include "user_online.php";
echo "<br> <img src='images/arrow1.gif'> <a href='change_pass.php' >change password</a>";
echo "<br> <font size=2><a href='logout_to_index.php'> Logout </a></font><br>";
}
}
function form_login()
{
echo <<<HTMLBLOCK
<form name="login_index" action='check_memberlogin.php' method="post" onsubmit="return check_login();">
<table cellpadding="0" cellspacing="0">
<tr> <font size=4 color='orange'><b><u>R</u></b></font><font size=2 color='gray'>egister </font><font size=3 color='orange'><b><u>M</u></b></font><font size=2 color='gray'>ember</font>
</tr>
<tr>
<td align='right'><font color='black' size='2'>ID :</font></td>
<td><input type="text" name="txtuser_log" value="{$user_member}" size=15 maxlength=15></td>
</tr>
<tr>
<td align='right'><font color='black' size=2>Password : </font></td>
<td><input type="password" name="txtpass_log" size=15 maxlength=15></td>
</tr>
<tr>
<td><font size=2 color='gray'><input type="radio" name="radremember" id="radremember" value="radremember">Remember</font></td>
<td><font size=1><input type="submit" name="send" value="Submit"></font></td>
</tr>
<tr>
<td colspan='2'><hr color='#CCCCCC'></td>
</tr>
</table>
</form>
HTMLBLOCK;
}
......................
code check_member นะครับ
if (isset($_POST['send']) )
{
$username=$_POST['txtuser_log'];
$password=MD5($_POST['txtpass_log']);
$remember=$_POST['radremember'];
if($remember=="radremember")
{
$conn=mysql_connect("localhost","root","") or die("ไม่สามารถติดต่อ Host ได้");
$sql="SELECT * FROM member_tb where username='$username' and password='$password' ";
$result=mysql_db_query("member_upload_db",$sql);
$num=mysql_num_rows($result);
if ($num>0)
{
setcookie("user_remember",$username,time()+360*24*356);
setcookie("pass_remember",$password,time()+360*24*356);
session_start();
$_SESSION[user_id]=session_id();
$_SESSION[username]=$username;
//login สำเร็จ
header("location: index.php ");
}
}
if($remember<>"radremember")
{
$conn=mysql_connect("localhost","root","") or die("ไม่สามารถติดต่อ Host ได้");
$sql="SELECT * FROM member_tb where username='$username' and password='$password' ";
$result=mysql_db_query("member_upload_db",$sql);
$num=mysql_num_rows($result);
if ($num>0)
{
session_start();
$_SESSION[user_id]=session_id();
$_SESSION[username]=$username;
header("location: index.php ");
}
}
}
------
code อะไรผ่านหมดล่ะครับ cookie อะไรก็ใช้ได้ อยากรู้ว่าามันจะปลอดภัยไหมครับ ผมใช้ cookie จดจำค่า username ละก็ password ตรง password ผมได้ใส่ md5 ไว้
code ตามนี้นะครับ ช่วยดูน่อยครับว่าปลอดภัยไหม - -"
code formlogin
session_start();
if (isset($_COOKIE["user_remember"]) and isset($_COOKIE["pass_remember"]) )
{
login_cookie();
}
elseif( $_SESSION[user_id]==session_id or $_SESSION[username]!="" )
{
login_session();
}
else
{
form_login();
}
function login_cookie()
{
$username=$_COOKIE["user_remember"];
$password=$_COOKIE["pass_remember"];
echo" <font size=4 color='orange'><b><u>R</u></b></font><font size=2 color='gray'>egister </font><font size=3 color='orange'><b><u>M</u></b></font><font size=2 color='gray'>ember</font><br>";
echo " <font color='white' face='JasmineUPC' >Welcome back ...<br>
Account :</font><font color='green'> $username</font> <font color='white' size=2><br> </font>";
include "user_online.php";
echo "<br> <img src='images/arrow1.gif'> <a href='change_pass.php' >change password</a>";
echo "<br> <font size=2><a href='logout_to_index.php'> Logout </a></font><br>";
}
function login_session()
{
if($_SESSION[user_id]==session_id or $_SESSION[username]!="")
{
$username=$_SESSION[username];
echo" <font size=4 color='orange'><b><u>R</u></b></font><font size=2 color='gray'>egister </font><font size=3 color='orange'><b><u>M</u></b></font><font size=2 color='gray'>ember</font><br>";
echo " <font color='white' face='JasmineUPC' >Welcome back ...<br>
Account :</font><font color='green'> $username</font> <font color='white' size=2><br> </font>";
include "user_online.php";
echo "<br> <img src='images/arrow1.gif'> <a href='change_pass.php' >change password</a>";
echo "<br> <font size=2><a href='logout_to_index.php'> Logout </a></font><br>";
}
}
function form_login()
{
echo <<<HTMLBLOCK
<form name="login_index" action='check_memberlogin.php' method="post" onsubmit="return check_login();">
<table cellpadding="0" cellspacing="0">
<tr> <font size=4 color='orange'><b><u>R</u></b></font><font size=2 color='gray'>egister </font><font size=3 color='orange'><b><u>M</u></b></font><font size=2 color='gray'>ember</font>
</tr>
<tr>
<td align='right'><font color='black' size='2'>ID :</font></td>
<td><input type="text" name="txtuser_log" value="{$user_member}" size=15 maxlength=15></td>
</tr>
<tr>
<td align='right'><font color='black' size=2>Password : </font></td>
<td><input type="password" name="txtpass_log" size=15 maxlength=15></td>
</tr>
<tr>
<td><font size=2 color='gray'><input type="radio" name="radremember" id="radremember" value="radremember">Remember</font></td>
<td><font size=1><input type="submit" name="send" value="Submit"></font></td>
</tr>
<tr>
<td colspan='2'><hr color='#CCCCCC'></td>
</tr>
</table>
</form>
HTMLBLOCK;
}
......................
code check_member นะครับ
if (isset($_POST['send']) )
{
$username=$_POST['txtuser_log'];
$password=MD5($_POST['txtpass_log']);
$remember=$_POST['radremember'];
if($remember=="radremember")
{
$conn=mysql_connect("localhost","root","") or die("ไม่สามารถติดต่อ Host ได้");
$sql="SELECT * FROM member_tb where username='$username' and password='$password' ";
$result=mysql_db_query("member_upload_db",$sql);
$num=mysql_num_rows($result);
if ($num>0)
{
setcookie("user_remember",$username,time()+360*24*356);
setcookie("pass_remember",$password,time()+360*24*356);
session_start();
$_SESSION[user_id]=session_id();
$_SESSION[username]=$username;
//login สำเร็จ
header("location: index.php ");
}
}
if($remember<>"radremember")
{
$conn=mysql_connect("localhost","root","") or die("ไม่สามารถติดต่อ Host ได้");
$sql="SELECT * FROM member_tb where username='$username' and password='$password' ";
$result=mysql_db_query("member_upload_db",$sql);
$num=mysql_num_rows($result);
if ($num>0)
{
session_start();
$_SESSION[user_id]=session_id();
$_SESSION[username]=$username;
header("location: index.php ");
}
}
}
------
code อะไรผ่านหมดล่ะครับ cookie อะไรก็ใช้ได้ อยากรู้ว่าามันจะปลอดภัยไหมครับ ผมใช้ cookie จดจำค่า username ละก็ password ตรง password ผมได้ใส่ md5 ไว้