Witam, mam skrypt na logowanie, działa w miarę dobrze ale nie jestem pewny czy nie jest podatny na ataki typu sql injection itd.
Mógłby ktoś się wypowiedzieć na ten temat?
<?php
$title = login;
include('../global/global_header.php');
echo'<h1>Logowanie</h1>';
if(!$_SESSION['derinwebses']){
echo'<form href="#" name="loginform" method="POST">';
echo'<input name="login" type="text" placeholder="Login" maxlength="40" size="20" class="loginpad" required>';
echo'<input name="password" type="password" AUTOCOMPLETE="off" placeholder="Hasło" maxlength="40" size="20" class="passpad" required>';
echo'<button class="loginbutton" onClick="document.loginform.submit();">Zaloguj</button>';
echo'</form>';
}else{
echo'<script>';
echo'location.href="#";';
echo'</script>';
}
$link = mysqli_connect('**', '**', '**', '**');
if (isset($_POST['login']) && isset($_POST['password']) && $_SESSION['derinwebses'] == FALSE) {
$passencrypted = mysqli_real_escape_string($link, htmlspecialchars(strip_tags($_POST['password'])));
if($passencrypted != "")$pass = hash('sha512', $passencrypted);
$login = mysqli_real_escape_string($link, htmlspecialchars(strip_tags($_POST['login'])));
$sql1 = mysqli_num_rows(mysqli_query($link, "SELECT * FROM `users` WHERE `login` = '$login' AND `password` = '$pass' AND `ranga` = '100'"));
$checksisid = mysqli_query($link, "SELECT privagles FROM `users` WHERE `login` = '$login' AND `password` = '$pass'");
$checkemail = mysqli_query($link, "SELECT email FROM `users` WHERE `login` = '$login' AND `password` = '$pass'");
while($checkbs = mysqli_fetch_array($checksisid))
while($checmail = mysqli_fetch_array($checkemail))
{
$_SESSION['chuj'] = $checkbs[privagles];
$_SESSION['mail'] = $checmail[email];
}
if ($sql1 == 1) {
$admin = true;
$check = 1;
}
else
{
$admin = false;
echo'<script>';
echo'alert("Złe hasło lub login.");';
echo'</script>';
}
if ($admin)
{
$_SESSION['user'] = $login;
$_SESSION['derinwebses'] = TRUE;
if($check == 1){
echo'<script>';
echo'location.href="#";';
echo'</script>';
$check = 0;
}
}
}
if ($_SESSION['derinwebses']){
if ($_GET[logout])
{
$_SESSION['derinwebses'] = FALSE;
$_SESSION['chuj'] = FALSE;
$_SESSION['mail'] = FALSE;
session_destroy();
echo'<script>';
echo'location.href="#";';
echo'</script>';
}
}
include('../global/global_footer.php');
?>