Envision, Create, Share

Welcome to HBGames, a leading amateur game development forum and Discord server. All are welcome, and amongst our ranks you will find experts in their field from all aspects of video game design and development.

Password Protection Holes

Code:
<?php

// set the password here.

$thePassword = 123;

// ======================

if (!isset($_POST["checkThis"])) {
    echo '
    <form action="admin.php" method="post">
        <input type="text" name="checkThis">
        <input type="submit">
    </form>
    ';
} elseif ($_POST["checkThis"] == $thePassword) {
    echo '<b>Admin Panel</b>';
} else {
    die('Sorry, wrong password was given. :[');
}

?>

Are there any holes in my home-coded method?  If so, what are they?
 


Well it's extremely open to brute force attacks, but most simple password schemes are. Anyone who gains FTP or shell access to your web host can potentially steal your password since it's unencrypted and contained within a PHP file (e.g. malicious or bored server admins, crackers who have gained illegitimate read-access); it's much more secure to store it in a database and encrypt it using SHA1 or AES (in MySQL). XSS attacks are a foreseeable problem since you don't perform any validation or sanitation on the input string before checking it, but if you're the only person expected to log in and the password is never printed I wouldn't know how to pull an attack off. It's always better to validate and sanitize when accepting user input though.

That's all I can think of off the top of my head but I'm not a cracker or security expert, and also because vulnerabilities elsewhere in your code could possibly interact with this in some way.
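As an added example, not code from either post above: the same login check hardened along the lines the reply suggests, while keeping the file-based storage the original poster wants. The password is stored as a salted, stretched hash in a file rather than as a literal in the script, a small failure counter slows online brute forcing, and the check uses password_verify() instead of ==. That last point matters for the original code on its own: because $thePassword is the integer 123 and the comparison is loose, PHP also accepts inputs such as "0123" or "123.0" as a match. The file paths, the constants, the setAdminPassword() helper and the lockout policy are all assumptions made for this example; it needs PHP 7 or later.

```php
<?php
declare(strict_types=1);

// Added example, not the poster's admin.php. Paths are assumptions: keep both
// files outside the document root so a misconfigured server cannot serve them.
const HASH_FILE    = __DIR__ . '/../private/admin.hash';
const LOCK_FILE    = __DIR__ . '/../private/admin.lock';
const MAX_FAILURES = 5;     // failed attempts allowed inside one window
const LOCKOUT_SEC  = 900;   // 15-minute lockout once MAX_FAILURES is reached

/**
 * One-time setup, run from the shell (not from a web request), for example:
 *   php -r 'require "admin.php"; setAdminPassword(trim(fgets(STDIN)));'
 * password_hash() salts and stretches the secret (bcrypt via PASSWORD_DEFAULT),
 * so someone who reads the file still does not learn the password.
 */
function setAdminPassword(string $plain): void
{
    file_put_contents(HASH_FILE, password_hash($plain, PASSWORD_DEFAULT), LOCK_EX);
    chmod(HASH_FILE, 0600);   // readable by the web server user only
}

/** Failure counter kept in a small JSON file: [count, unix time of last failure]. */
function readFailures(): array
{
    $data = json_decode((string) @file_get_contents(LOCK_FILE), true);
    return is_array($data)
        ? [(int) ($data['count'] ?? 0), (int) ($data['last'] ?? 0)]
        : [0, 0];
}

function writeFailures(int $count, int $last): void
{
    file_put_contents(LOCK_FILE, json_encode(['count' => $count, 'last' => $last]), LOCK_EX);
}

function isLockedOut(): bool
{
    [$count, $last] = readFailures();
    return $count >= MAX_FAILURES && (time() - $last) < LOCKOUT_SEC;
}

/** True only for the real password; records failures for the lockout. */
function checkAdminPassword(string $candidate): bool
{
    if (isLockedOut()) {
        return false;   // refuse without even checking while locked out
    }
    $hash = @file_get_contents(HASH_FILE);
    // password_verify() compares in constant time and never coerces the input,
    // so "0123" or "123.0" cannot pass for a password of "123" the way == allows.
    $ok = is_string($hash) && password_verify($candidate, $hash);
    if ($ok) {
        writeFailures(0, 0);
    } else {
        [$count, $last] = readFailures();
        // Start a new window if the old one expired, otherwise count this failure.
        $count = (time() - $last) < LOCKOUT_SEC ? $count + 1 : 1;
        writeFailures($count, time());
    }
    return $ok;
}

if (PHP_SAPI !== 'cli') {
    $candidate = $_POST['checkThis'] ?? null;
    if (!is_string($candidate)) {   // missing, or submitted as checkThis[]=...
        // type="password" masks the input and keeps it out of the browser's form history.
        echo '<form action="admin.php" method="post">'
           . '<input type="password" name="checkThis" autocomplete="current-password">'
           . '<input type="submit" value="Log in">'
           . '</form>';
    } elseif (checkAdminPassword($candidate)) {
        echo '<b>Admin Panel</b>';
    } else {
        http_response_code(403);
        die('Sorry, wrong password was given. :[');
    }
}
```

The counter is global rather than per client, which is the simplest thing for a single-admin, file-based site; the trade-off is that anyone can lock the admin out for the window length. On a host that gives you no directory outside the document root, at least deny direct access to the hash and lock files in the server configuration.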
 
I might've put it in a database but I'm trying to make a basic content management system without using any databases at all (file based storage) for practice.

Pardon the noobiness, but what exactly do you mean by validation and sanitation?
 


Validation is where you check user submitted data to make sure it meets the formatting requirements you expect.  For instance in a password you might want to limit it to alphanumeric characters and 6-16 character length, in which case you'd run it against a regexp like ^[a-zA-Z0-9]{6-16}$ or something similar.  The purpose is to limit the range of things a user can do and thus limit the range of unexpected circumstances you have to deal with, which result in bugs.  For instance if you're storing your passwords in a database, and your password field is limited to 16 characters, what happens when you send it an 18 character password?  Splat.

Sanitation is where you strip out potentially dangerous characters and escape characters that you want to keep, but that may have special significance to your data structure. When you sanitize a forum post for instance you remove or escape HTML tags to prevent people from breaking the forum layout or inserting malicious scripts. As another example, suppose you store some user submitted information in a file and you separate each field by a comma. In that case you want to either strip out commas, replace them with a dummy character that you'll replace with a comma again before displaying information, or escape them by using an html entity or a backslash, so that the code you write to read the field doesn't pick up the comma as a separator by mistake.

Oh, the reason people use databases is they're a lot faster, more efficient and easier to maintain than file based storage, what need are you looking to meet by not using a database?  It seems like you're actually going to end up with a more complicated system, rather than a less complicated one.
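An added example, written for this page rather than taken from either poster, putting the three ideas above into PHP: a validation check for the password format, escaping for HTML output, and writing and reading the comma-separated file so that a comma inside a field is never mistaken for the separator. The storage path, the field layout and the sample post are assumptions for the example. Note that the PCRE quantifier syntax for "6 to 16 repetitions" is {6,16}.

```php
<?php
declare(strict_types=1);

// Added example, not the poster's CMS: the storage path is an assumption.
const POSTS_FILE = __DIR__ . '/../private/posts.csv';

/**
 * Validation: accept only the format we expect (6 to 16 alphanumerics).
 * An anchored, bounded pattern refuses an 18-character value before it
 * ever reaches a fixed-width field or a file format that cannot hold it.
 */
function isValidPassword(string $candidate): bool
{
    return preg_match('/^[A-Za-z0-9]{6,16}$/', $candidate) === 1;
}

/**
 * Sanitation for HTML output: escape rather than strip, so "<b>" in a post is
 * shown literally instead of being interpreted by the browser. Escape at output
 * time, not before storage, so the stored text stays exactly what the user wrote.
 */
function escapeForHtml(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/**
 * Sanitation for the comma-separated file: fputcsv() quotes any field that
 * contains the separator, a quote or a newline, and fgetcsv() undoes the
 * quoting on the way back, so a comma inside a field is never read as a separator.
 */
function appendPost(string $author, string $title, string $body): void
{
    $fh = fopen(POSTS_FILE, 'ab');
    if ($fh === false) {
        throw new RuntimeException('cannot open ' . POSTS_FILE);
    }
    flock($fh, LOCK_EX);   // two simultaneous posts must not interleave
    fputcsv($fh, [$author, $title, $body]);
    flock($fh, LOCK_UN);
    fclose($fh);
}

/** @return array<int, array{author: string, title: string, body: string}> */
function readPosts(): array
{
    $posts = [];
    $fh = @fopen(POSTS_FILE, 'rb');
    if ($fh === false) {
        return $posts;   // no posts yet
    }
    while (($row = fgetcsv($fh)) !== false) {
        if (count($row) === 3) {   // skip blank or malformed lines
            $posts[] = ['author' => $row[0], 'title' => $row[1], 'body' => $row[2]];
        }
    }
    fclose($fh);
    return $posts;
}

// Constructed demo input: a seven-character alphanumeric password, a
// twenty-character one with characters outside the allowed set, and a post
// body that contains both a comma and an HTML tag.
if (PHP_SAPI === 'cli') {
    var_dump(isValidPassword('hunter2'));
    var_dump(isValidPassword('eighteen_chars_long!'));
    appendPost('alice', 'First post', 'Hello, world <script>alert(1)</script>');
    foreach (readPosts() as $post) {
        echo '<h2>' . escapeForHtml($post['title']) . "</h2>\n";
        echo '<p>' . escapeForHtml($post['body']) . "</p>\n";
    }
}
```

Run it with `php posts.php` after creating the private directory. The CSV functions do the comma escaping the reply describes, which is less error-prone than a hand-written replace-and-restore scheme, and htmlspecialchars() covers the forum-post case.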
 
The need of "free hosts that don't allow use of databases or limited use" or "me having to finally get around to learning how to use arrays."

Thanks for your explanations, I'll try and implement some of that.
 


Good luck with it then, make sure to implement some sort of archiving and cleanup if you're worried about limited host services.
 
