Author Topic: [PHP] Admin Login without DB  (Read 1741 times)

dataspy
[PHP] Admin Login without DB
« on: April 29, 2012, 10:49:08 pm »
A simple login script that doesn’t use flat files or a database. This script will protect multiple pages with multiple users. Sessions are used so you won’t have to log in again if you leave the page; the session times out after 10 minutes. The usernames and passwords are stored in two separate arrays, one for users and one for passwords, in the config.php file. There is a small security flaw in that someone could mix and match usernames and passwords.

Demo @ http://www.data-spy.net/code/AdminWithoutDB/index.php
Screenshot @ http://www.data-spy.net/code/AdminWithoutDB/screenshot.gif
Download @ http://www.data-spy.net/code/AdminWithoutDB/AdminWithoutDB.zip
The only people for me are the mad ones, the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn, like fabulous yellow roman candles exploding like spiders across the stars.
-Kerouac

Kulverstukas
Re: [PHP] Admin Login without DB
« Reply #1 on: April 29, 2012, 11:34:46 pm »
Very nice James Bank. It could use better CSS styles tho :D
Also it might be a good idea to make it ban you for some time after a few failed login attempts... to prevent brute force :)
« Last Edit: April 29, 2012, 11:36:04 pm by Kulverstukas »

dataspy
Re: [PHP] Admin Login without DB
« Reply #2 on: April 30, 2012, 12:09:22 am »
Thanks!

I noticed my name was showing but it got busy at work so it took me a while to change the screenshot :)

I have a couple of things I still want to change; I was thinking about limiting login attempts but haven't added that yet :)
« Last Edit: April 30, 2012, 12:12:06 am by dataspy »

Stackprotector
Re: [PHP] Admin Login without DB
« Reply #3 on: May 01, 2012, 11:05:12 am »
Very bad practice of PHP code, please fix this little list and re-upload :) :
Check user input (so something like username a-zA-Z 0-9 and only 10 chars long); you need limits.
Please do not rely on JavaScript redirection; if you do, set a PHP die; after the script.
If you want a more interactive login, use AJAX; it will look fancy :)
~Factionwars
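
The mix-and-match flaw from the first post and the input-limit and redirect points from reply #3, as an added example that is not the code from the downloadable script. The account names, passwords, function names and the form of the flawed check are assumptions made for illustration.

```php
<?php
// Added example. All accounts below are constructed sample data; a real
// config.php would hold precomputed password_hash() output, not plaintext.

// Layout described in the first post: two unrelated arrays.
$users  = ['alice', 'bob'];
$passes = ['alice-secret', 'bob-secret'];

// Paired layout: one map from username to that user's own password hash.
$accounts = [
    'alice' => password_hash('alice-secret', PASSWORD_DEFAULT),
    'bob'   => password_hash('bob-secret', PASSWORD_DEFAULT),
];

// Assumed form of the flawed check: each value is only tested for
// membership in its own array, so any listed password fits any listed user.
function login_mix_and_match(array $users, array $passes, string $u, string $p): bool
{
    return in_array($u, $users, true) && in_array($p, $passes, true);
}

// Hardened check: validate input limits, then verify against the hash
// stored for that specific username.
function login_paired(array $accounts, string $u, string $p): bool
{
    // Limits suggested in reply #3: a-zA-Z0-9 only, at most 10 characters.
    if (!preg_match('/\A[a-zA-Z0-9]{1,10}\z/', $u)) {
        return false;
    }
    // bcrypt ignores bytes past 72, so reject longer input outright.
    if ($p === '' || strlen($p) > 72) {
        return false;
    }
    $hash = $accounts[$u] ?? null;
    return $hash !== null && password_verify($p, $hash);
}

// Server-side redirect for protected pages. The exit stops PHP from sending
// the rest of the page to a client that ignores the redirect.
function redirect_and_stop(string $url): void
{
    header('Location: ' . $url, true, 302);
    exit;
}

if (PHP_SAPI === 'cli') {
    // alice's username combined with bob's password, then alice's own.
    var_dump(login_mix_and_match($users, $passes, 'alice', 'bob-secret'));
    var_dump(login_paired($accounts, 'alice', 'bob-secret'));
    var_dump(login_paired($accounts, 'alice', 'alice-secret'));
}
```

A protected page would call `redirect_and_stop()` before any output whenever the session holds no authenticated user.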