If you are a PHP expert, then I really need your help. I have a question regarding PHP sessions and their security. So here is my story ...
I created a login script (login.php) for my website. When a user goes to the login.php page, they see a login form that they must fill with their username and password to login to the members' area and view their profile, etc.
On that login page, when the user enters their username and password and then clicks the "Login" button, my script filters the data, sends a MySQL query and checks if the login is valid. If the login is NOT valid, then they get a "Login Failed" message. If the login is valid, I register their username and the password in sessions and redirect them to the members.php page.
Here is some of my code for my login.php page after MySQL confirms the login is valid:
<?php
// $user and $pass hold the filtered form input
$query = mysql_query("SELECT * FROM `users` WHERE username='$user' AND password='$pass'");
$numRows = mysql_num_rows($query);
if ( $numRows ) {
    // login is valid
    $_SESSION['username'] = $user;
    $_SESSION['pass'] = $pass;
    // redirect user to members area
    header('Location: /members.php');
    exit; // stop here so nothing else runs after the redirect
} else {
    // login is invalid
    echo "Login failed";
}
?>
My question is ... is this login script secure? I mean, I am not generating any session id or any cookie. I am just storing the username and the password in two session variables and those are the things that I will use to display the user's profile, etc. Can attackers attack this script? Is this secure or is there any other way I can make it stronger?
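
An added example, not part of the original post: the same login step with the lookup done through a prepared statement, the password checked against a stored hash, the session ID regenerated on login, and only a user id kept in the session. The `users` columns, the in-memory SQLite database and the sample account are assumptions made for illustration.

```php
<?php
// Added example: table layout, column names and the sample account are constructed.
declare(strict_types=1);

function start_secure_session(): void {
    // Cookie is hidden from JavaScript, sent only over HTTPS,
    // and not attached to most cross-site requests.
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Lax',
    ]);
    ini_set('session.use_strict_mode', '1'); // reject session IDs the server did not issue
    session_start();
}

function attempt_login(PDO $db, string $user, string $pass): bool {
    // Prepared statement: the input is bound as data, never spliced into the SQL text.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare against a stored hash; the plaintext password is never stored.
    if ($row === false || !password_verify($pass, $row['password_hash'])) {
        return false;
    }

    // Issue a fresh session ID at login so a pre-login ID cannot be reused.
    session_regenerate_id(true);
    // Keep only an identifier in the session, never the password.
    $_SESSION['user_id'] = (int) $row['id'];
    return true;
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

start_secure_session();
$results = [
    'wrong password'   => attempt_login($db, 'alice', 'not the password'),
    'correct password' => attempt_login($db, 'alice', 'correct horse'),
];
var_dump($results, $_SESSION); // printed last so no output precedes the session calls
```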