#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2013
    Posts
    1
    Rep Power
    0

    Help this php code


    1)Write a PHP code for previous login form using cookie and store the username & password for specific time period.
    PHP Code:
    <?php 
    $user 
    $_post['uname'];
    $pass $_post['pword'$con=mysql_connect("localhost","root",""); mysql_select_db("msc");
     
    $res=mysql_query("select userneme,password from login wher username =$user and password=$pass"); 
    if(
    $res==true

    echo
    "user id and password authenticated"
    if(isset(
    $post['remmbermer'])) 
    setcookie($_post['uname'],time()+60); setcookie($_post['pword'],time()+60); 

    else 
    echo
    "invalid usename/password"?>
    its correct?
    i also want 2php program assignment answer .i m new php learner help this
    2.Write a PHP code for the following file handling mechanism
    a) Copy the content of the file into another file
    b) Encode and decode the file using built in functions
    c) Read some URL and retrieve the only the anchor tages <a> from the
    web page.
    3.Create a web page for Email form with headers [cc,bcc] and write a PHP
    script for sending mail to some valid Email Id.
  2. #2
  3. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1046
    Hi,

    before you do anything, you first need to rewrite the whole code and introduce basic security measures. Currently, you have no security whatsoever. Anybody could use this piece of code to capture your whole server. Seriously.

    As a more "harmless" example, anybody can log in as an admin by simply POSTing this:

    Code:
    uname: ''
    pword: '' or username = 'admin'
    Since you insert the values directly into your query, I can inject SQL commands to manipulate the query and change it into this:
    Code:
    select username, password from login where username = '' and password = '' or username = 'admin'
    (leaving aside the fact that your code doesn't even run due to various typos and syntax errors)

    Read The 6 worst security sins and then rewrite the code.

    Since you said that this is an assignment(?), you may not find it important to secure your code. But it's especially important in an assignment, because it shows whether or not you're able to write proper code. If I were your teacher/professor and you gave me this piece of code, I think we'd have a serious talk.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".

IMN logo majestic logo threadwatch logo seochat tools logo