criostage Posted August 17, 2011 Share Posted August 17, 2011 Hello, I m doing an small page as a side project of mine to learn php. So far so good, i been able to find what i need in order to advance but i this time i have hitted a wall on the login, in the security side (i can make it work but not as secure as i would like). Ok so heres the code i have: I have all things related to mysql in an class called mysql, where i m going to put all the queries to the database including the password and username check function logincheck($username,$password){ $this->safeusername = $this->safequery($username); $this->safepassword = $this->safequery($password); $query = mysql_query("SELECT username FROM usm_user WHERE Username='$this->safeusername' AND Password='$this->safepassword'"); $rows = mysql_num_rows($query); if($rows == 1){ return $rows; }else{ return false; } } function safequery($input){ $safeinput = mysql_real_escape_string(stripslashes($input)); return $safeinput; } then i have an page where i setup all the actions that the site can do (with an switch) require('../config.php'); require('inc.functions.php'); require('inc.mysql.php'); $mysql = new mysql($dbhost,$dbuser,$dbpwd); $authentication = new authentication; $do = isset($_GET["do"])?$_GET["do"]:""; switch ($do) { case "login": if(isset($_GET['usr'])) { $mysql->logincheck($_GET['usr'],$_GET['pwd'],$mysql,$_GET['rm'] = false); } break; case "logout": $authentication->logout(); break; On the final page i have a small form that will set the login info. My question here is how to send the password safely from the login form to the page that will call the function that will check the username and password. Like i said i can pass it through the $_GET, and i tough in using $_POST just for the password, but i would like to know if there is an better way to do it so. Thanks in advance. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.