EvilZone


: [PHP] Admin Login without DB
: dataspy April 29, 2012, 10:49:08 PM
A simple login script that doesn’t use flat files or a database. This script will protect multiple pages with multiple users. Sessions are used so you won’t have to relogin if you leave the page; the session times out after 10 minutes. The usernames and passwords are stored in two separate arrays, one for users and one for passwords, in the config.php file. There is a small security flaw in that someone could mix and match usernames and passwords.

Demo @ http://www.data-spy.net/code/AdminWithoutDB/index.php
Screenshot @ http://www.data-spy.net/code/AdminWithoutDB/screenshot.gif
Download @ http://www.data-spy.net/code/AdminWithoutDB/AdminWithoutDB.zip
: Re: [PHP] Admin Login without DB
: Kulverstukas April 29, 2012, 11:34:46 PM
Very nice James Bank. It could use better CSS styles tho :D
Also it might be a good idea to make it ban you for some time after a few failed login attempts... to prevent brute force :)
: Re: [PHP] Admin Login without DB
: dataspy April 30, 2012, 12:09:22 AM
Thanks!

I noticed my name was showing but it got busy at work so it took me a while to change the screenshot :)

I have a couple of things I still want to change; I was thinking about limiting login attempts but haven't added that yet :)
: Re: [PHP] Admin Login without DB
: Stackprotector May 01, 2012, 11:05:12 AM
Very bad practice of PHP code, please fix this little list and re-upload :) :
Check user input (so something like username a-zA-Z 0-9 and only 10 chars long); you need limits.
Please do not rely on JavaScript redirection; if you do, set a PHP die; after the script.
If you want a more interactive login, use AJAX; it will look fancy :)
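
The following is an added example, not code from the original script or from any poster in this thread. It shows one way to address the mix-and-match flaw described in the first post and the input-limit and redirect points in the list above. The names $USERS, check_login(), protect_page() and admin.php are hypothetical, and the layout of the original config.php is not known.

```php
<?php
declare(strict_types=1);
// Added example. $USERS, check_login(), protect_page() and admin.php are hypothetical names.

// Constructed sample config: one map of username => password hash, so a
// submitted password is only ever checked against that same user's hash.
// In a real config.php, paste precomputed hash strings instead of hashing per request.
$USERS = [
    'alice' => password_hash('constructed-pass-1', PASSWORD_DEFAULT),
    'bob'   => password_hash('constructed-pass-2', PASSWORD_DEFAULT),
];
const SESSION_TTL = 600; // 10 minutes, treated here as an idle timeout (assumption)

function check_login(array $users, string $user, string $pass): bool
{
    // Limits from the thread: a-zA-Z0-9 only, at most 10 characters.
    if (!preg_match('/\A[a-zA-Z0-9]{1,10}\z/', $user) || !isset($users[$user])) {
        return false;
    }
    return password_verify($pass, $users[$user]);
}

function protect_page(): void
{
    session_start();
    $fresh = isset($_SESSION['user'], $_SESSION['seen'])
        && (time() - $_SESSION['seen']) < SESSION_TTL;
    if (!$fresh) {
        $_SESSION = [];
        header('Location: index.php');
        exit; // server-side stop: nothing of the protected page is sent
    }
    $_SESSION['seen'] = time();
}

// Login handler (would live in index.php).
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    session_start();
    $user = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $pass = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
    if (check_login($USERS, $user, $pass)) {
        session_regenerate_id(true); // fresh session id after login
        $_SESSION['user'] = $user;
        $_SESSION['seen'] = time();
        header('Location: admin.php');
        exit;
    }
    http_response_code(401);
    echo 'Login failed';
}
```

Each protected page would call protect_page() before producing any output, so the redirect is enforced by the server rather than by script running in the browser.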