PHP Login System 5 Levels Security

Hi,

I need a login script with user access level for my site and in my search for such a one script I came across PHP Login System script, which has 5 levels.

I need help how I can modify this script to only 3 user levels, which should be Level 3 - Admin, Level 2 - Master, Level 1 - Agent. I have tried to do it myself but with my little programming knowledge I could not comprehend the script enough for modifying it myself.

I will appreciate any help.

Thanx.

Joseph

Hi,

those scripts are garbage, don't use them.

• Look at the date: The scripts haven't been updated since 9 years. Many functions (eregi_replace(), mysql_query()) are long obsolete and will flood your screen with deprecation warnings on any current PHP version.
• The "security" is laughable: The code relies on the infamous "Magic Quotes" feature, which should not even exist on your server. Sometimes the programmer even circumvents this feature, leaving the queries wide open to SQL injections even on old PHP setups with "Magic Quotes" turned on. And occasionally he escapes the values by hand. WTF? For the HTML, there's no escaping at all. SQL errors are reported to the user etc.
• The "forgot password" let's me change the password of any other user. And since it generates the password from weak "random" numbers, I even have a chance to guess it.
• MD5 hashes aren't exactly state of the art.
• ...

I could go on forever, but I think you get the point. Given the fact that this is supposed to be a security script, the total lack of security is just emberassing.

You should generally be very careful with scripts you find somewhere on the internet. Many of them are written by bad amateur programmers, who don't have a clue about security, let alone best practices. Many of them are also horribly outdated and haven't been touched since a decade or more.

Either write your own scripts (check the link in my signature to avoid the mistakes mentioned above). Or find an established project with professional developers and constant updates. PHP evolves, so the scripts need to keep up to that. 15-year-old code problably won't work so well today.

There is a login system tutorial right in the FAQs and Stickies of the PHP forum (at the top of the list).

There's also a "hire a programmer" forum if you want to simply pay someone to do this for you.

Few here will volunteer to do a security script for you for free. It's tedious and kind of annoying, and will only result in you asking for more (free) help.