More secure admin logins
Monday, 15 January 2007
A good way to improve the security of your website administration login is to restrict the input field length for the username and password to something reasonable. This is commonly done with the “maxlength” attribute in HTML:

```html
<input type="text" name="username" value="" size="30" maxlength="30" />
<input type="password" name="password" value="" size="30" maxlength="30" />
```
As an added precaution, your server-side code should also strip any surplus characters once the form has been submitted, since the “maxlength” attribute is only enforced by the browser. If your server-side language is PHP, you could use the substr() function to restrict the input data to the same 30 characters as the “maxlength” attribute above:

```php
<?php
// Trim whitespace, cap each field at 30 characters, then escape it for use in
// a MySQL query. mysql_real_escape_string() needs an open mysql_connect() link.
if (isset($_POST['username'])) {
    $username = substr(trim($_POST['username']), 0, 30);
    $username = mysql_real_escape_string($username);
} else {
    $username = '';
}

if (isset($_POST['password'])) {
    $password = substr(trim($_POST['password']), 0, 30);
    $password = mysql_real_escape_string($password);
} else {
    $password = '';
}
?>
```
The restriction via substr() is especially important because anyone submitting the form outside a browser can ignore the “maxlength” attribute, so the server-side limit is the one that actually holds.
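The following is an added example, not code from the original post, showing the same server-side length limit written against current PHP: mb_substr() instead of substr() so a multibyte character is never cut in half, a PDO prepared statement instead of mysql_real_escape_string() so the submitted values never become part of the SQL text, and password_verify() against a stored hash. The users table, its columns and the in-memory SQLite database are assumptions made so the script runs offline; the sample request array is constructed.

```php
<?php
declare(strict_types=1);

// Added example: server-side enforcement of the post's 30-character limit.
const MAX_FIELD_LEN = 30;

/**
 * Trim and cap one submitted login field.
 * mb_substr() counts characters, not bytes, so a UTF-8 character at the
 * boundary is kept whole instead of being split by a byte-based substr().
 * Returns '' when the field is absent or is not a plain string.
 */
function capLoginField(array $post, string $key, int $max = MAX_FIELD_LEN): string
{
    if (!isset($post[$key]) || !is_string($post[$key])) {
        return '';
    }
    return mb_substr(trim($post[$key]), 0, $max, 'UTF-8');
}

/**
 * Look the user up with a bound parameter, then compare the password against
 * the stored hash. The table and column names are assumptions for this example.
 */
function checkLogin(PDO $db, string $username, string $password): bool
{
    if ($username === '' || $password === '') {
        return false;
    }
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    return password_verify($password, $row['password_hash']);
}

// --- Demonstration with an assumed SQLite schema (runs offline) ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
$ins->execute([':u' => "o'brien", ':h' => password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed sample request: a username far longer than maxlength allows,
// as a hand-built request (not a browser honouring the attribute) could send.
$request = [
    'username' => str_repeat('x', 45),
    'password' => '  correct horse  ',
];
$username = capLoginField($request, 'username');   // capped to 30 characters
$password = capLoginField($request, 'password');   // trimmed to 'correct horse'
printf("capped username length: %d\n", mb_strlen($username, 'UTF-8'));
printf("unknown user accepted: %s\n", checkLogin($db, $username, $password) ? 'yes' : 'no');

// The apostrophe in o'brien is passed as data by the bound parameter, so no
// escaping step is needed for the query to be both correct and safe.
printf("o'brien accepted: %s\n", checkLogin($db, "o'brien", 'correct horse') ? 'yes' : 'no');
printf("wrong password accepted: %s\n", checkLogin($db, "o'brien", 'wrong') ? 'yes' : 'no');
```

One caveat worth keeping in mind when truncating passwords as the post does: the same cap must be applied when the password is first set, otherwise a user whose password is longer than 30 characters is silently locked out at login. Rejecting over-length input with an error instead of truncating it avoids that mismatch while still enforcing the limit.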