Okay so I have a PHP script that creates user acounts and encrypts the password then saves it into the database. The login form just compares the users password with a password in the database. The database has a password to connect to and user name. Is this enough security for my sites login? Or is there other things I should be doing?

Hello, it's enough, you are comparing username and password from user to database, the only two input that can identify the user are username and password, but make sure you are making the username unique.

you can also add login failed counter and assign the count in session. Define how many failed login would you allow, before requiring an account reset or captcha.

Test your login script with the most common login hacks e.g. type OR'' on the password field, without typing any username... if the script shows the mysterious user as logged in, then you need to sanitize more..

Yes I am making the names unique. But let's say I have 5000 users and this would be secure enough for that many people?

As long as this is not a higly confidential banking or government site this might be enough. Hopefully you have done the password hashing as per good practices. You might want to check this link.

Other aspect of security is input data validation/sanitization (username and password) to prevent sql injections.

When you mean sanitization do you mean put all input data into this mysql_real_escape_string($_POST['$varaible'])?

mysql_real_escape_string() is a must, you need to use it almost on every variable, in which value is taken from the user, to prevent SQL Injection.
Even if you have million users, if an action is applicable on one user, it will be applicable for all :)

lol thanks for all the help! So mysql_real_escape_string() is all i need to put the varaible into to stop sql injection?

Escaping values using mysql_real_escape_string or similar (i.e. mysqli_real_escape_string) function greatly minimizes a possibility of sql injection by escaping dangerous characters. Some other things you have to do are (not a comprehensive list):

  • put quotes arround any query parameters - even numbers
  • or use prepared statements, but this method is slightly less efficient
  • validate input values (if you expect a number check it with is_numeric, if you expect an integer within known range check for the range, check strings for maximum lenght, whitelist values if possible)

Also use newer mysqli extension instead of old mysql which might soon get deprecated.

More on this topic is here and here.

And more on login security.

Member Avatar


Personally, I'd use prepared statements (PDO flavour), BUT you need to validate the data too. All data from POST vars should be strings anyway, but you can check for integer or float or date formats, etc. If any of the inputs fall outside the allowed parameters, flag an error - do not run the query.

One more thing: if password is incorrect, do not tell that to the user; if username is incorrect, do not tell that to the user. Allways tell them that login failed, but not the reason. This way you give no clue to potential attacker.

Thanks for all the help! I have taken all of your input and am using it to create my secure login.