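jamesbrauman
Posted October 18, 2008

I'll admit I'm not that experienced when it comes to user authentication. However I have tried to write some secure functions for user authentication for my website. Could you please take a look at these, and suggest any improvements or point out any flaws/errors? I want to make sure these are perfect before trying to implement them.

#user authentication functions

/**
 * Undo magic-quotes slashing (when enabled) and escape a value for use inside
 * a quoted string literal in a mysql_query() statement.
 *
 * @param string $value Raw request value.
 * @return string The value as returned by mysql_real_escape_string().
 */
function clean_string( $value ) {
    if ( get_magic_quotes_gpc() )
        $value = stripslashes( $value );
    return mysql_real_escape_string( $value );
}

/**
 * Check a username/password pair against the members table and, on success,
 * record the login in the session (and optionally in 30-day cookies).
 *
 * @param string $username Submitted username.
 * @param string $password Submitted plaintext password.
 * @param bool   $cookies  When true, also set the "remember me" cookies.
 * @return bool True when a matching row exists, false otherwise.
 */
function user_login($username, $password, $cookies=false) {
    $username = clean_string($username);
    // NOTE(review): the password is SQL-escaped before it is hashed, so a
    // password containing quotes or backslashes is hashed in its escaped form.
    // Left as-is so hashes already stored this way keep matching; confirm the
    // registration code hashes the same way.
    $password = clean_string($password);
    // NOTE(review): unsalted MD5 is fast to brute-force and identical passwords
    // share a hash. Plan a migration to a salted, deliberately slow password
    // hash; that needs a schema change and is not done here.
    $md5password = md5($password);

    $result = mysql_query("select username from members where username='$username' and md5password='$md5password'");
    // mysql_query() returns false on error; treat that as a failed login
    // instead of handing false to mysql_num_rows().
    if ($result === false || mysql_num_rows($result) == 0)
        return false;

    // Issue a fresh session id at login so an id that was set before
    // authentication is not carried into the authenticated session.
    if (session_id() != "")
        session_regenerate_id(true);

    $_SESSION['auth']['username'] = $username;
    $_SESSION['auth']['md5password'] = $md5password;
    if ($cookies) {
        // NOTE(review): the cookie stores the password hash, and
        // user_loggedin() accepts that hash in place of the password. Whoever
        // can read the cookie or the members table holds a working credential
        // for 30 days or longer. A random per-login token kept server-side
        // avoids this; it also needs a schema change.
        $expiry = time() + 60 * 60 * 24 * 30;
        setcookie("username", $username, $expiry);
        setcookie("md5password", $md5password, $expiry);
    }
    return true;
}

/**
 * Drop the session login state and expire both "remember me" cookies.
 *
 * @return void
 */
function user_logout() {
    unset($_SESSION['auth']);
    setcookie("username", "", time() - 3600);
    // user_login() sets "md5password"; the original expired "password", which
    // left the hash cookie in the browser after logout.
    setcookie("md5password", "", time() - 3600);
}

/**
 * Report whether the current request carries a valid login, taken from the
 * session when present and otherwise from the "remember me" cookies.
 *
 * @return bool True when the stored username/hash pair matches a members row.
 */
function user_loggedin() {
    if (isset($_SESSION['auth'])) {
        // Server-side values written by user_login() after escaping.
        $username = $_SESSION['auth']['username'];
        $md5password = $_SESSION['auth']['md5password'];
    } else {
        // Cookies are client-controlled, so they are escaped before reaching
        // the query; the original interpolated them into the SQL as received.
        // A username containing quotes or backslashes is escaped twice on this
        // path and will not match, which fails closed.
        $username = isset($_COOKIE['username']) ? clean_string($_COOKIE['username']) : "";
        $md5password = isset($_COOKIE['md5password']) ? clean_string($_COOKIE['md5password']) : "";
    }
    if ($username == "" || $md5password == "")
        return false;

    $result = mysql_query("select username from members where username='$username' and md5password='$md5password'");
    // A failed query counts as "not logged in".
    return $result !== false && mysql_num_rows($result) != 0;
}

Thankyou!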