Making A More Secure Login

October 1, 2008

This article is a continuation of my previous article Writing A Simple Login. I came to the realization that our login that we created earlier was not at all secure, so I decided it was time that we tackle the most basic security measures.

So starting off where our last example left off, we’ve had the users enter their username and password and passed it on to our processlogin.php file. After we’ve declared the database connections we’ll want to make a simple function that will check the variables passed through via the post. The function will look something like this.

function make_safe($variable) {
$variable = mysql_real_escape_string(trim($variable));
return $variable;
}

What this function ensures us is that anything malicious the user will try to pass through to our processing page will simply be parsed up and run through the database like normal, thus preventing the user from entering anything malicious into our input fields.

In order to use this function we should call it like so.

$username = make_safe($_POST['username']);
$password = make_safe($_POST['password']);

Thus protecting us from a malicious attack. Hopefully this has helped you out in making your login page more secure with some simple php.