Saturday, 28 March 2015

Passwords with simple if statement

I apologize if this is a duplicate; I tried searching for this and haven't found exactly what I'm looking for.


OK, so let's say I have code like this:



<?php
$user = $_POST['username'];
$pass = $_POST['password'];

if ($user == "admin" && $pass == "password")
{
    echo "Password correct";
}
else
{
    echo "Password incorrect";
}
?>


How effective would this method of username/password validation be? I know it's not the best way to do this but why not? How exactly could someone hack this?


I've seen some examples like this:



<?php
$user = $_POST['username'];
$pass = $_POST['password'];

if ($user == "admin" && $pass == "password")
{
    include "correct.html";
}
else
{
    echo "Password incorrect";
}
?>


But I know that would be worse, since someone could just directly access the "correct.html" file and bypass the initial security check. However, by using echo, would they be able to go around the username/password check?
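
A hardened form of the check in the question, as an added example that is not part of the original post: the password is compared against a stored hash with password_verify() instead of a plaintext literal in the source, and the protected page is read from outside the web root only after the check has passed. The ADMIN_PASSWORD_HASH environment variable, the credentialsValid() helper and the ../private/correct.html path are assumptions made for this example.

```php
<?php
// Added example (not from the original post). Names and paths are assumptions.
declare(strict_types=1);
session_start();

// Hash produced once with password_hash($plaintext, PASSWORD_DEFAULT) and kept
// out of the source file. ADMIN_PASSWORD_HASH is a hypothetical variable name.
$storedHash = getenv('ADMIN_PASSWORD_HASH') ?: '';

// Hypothetical helper: true only when both submitted fields match.
function credentialsValid(array $post, string $storedHash): bool
{
    // Accept only string fields; a missing or array-valued field becomes ''.
    $user = is_string($post['username'] ?? null) ? $post['username'] : '';
    $pass = is_string($post['password'] ?? null) ? $post['password'] : '';

    // Evaluate both comparisons before combining them, so the work done
    // does not depend on which field was wrong.
    $userOk = hash_equals('admin', $user);
    $passOk = $storedHash !== '' && password_verify($pass, $storedHash);

    return $userOk && $passOk;
}

$isPost = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';

if ($isPost && credentialsValid($_POST, $storedHash)) {
    // Issue a fresh session id when the privilege level changes.
    session_regenerate_id(true);
    $_SESSION['authenticated'] = true;
}

if (!empty($_SESSION['authenticated'])) {
    // The page lives outside the document root, so it cannot be requested
    // directly; it is only ever sent from behind this check.
    readfile(__DIR__ . '/../private/correct.html');
    exit;
}

http_response_code(401);
echo 'Password incorrect';
```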

