Jump to content


Photo

php security and session variables


  • Please log in to reply
1 reply to this topic

#1 script

script
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 25 October 2006 - 08:18 PM

Alright guys heres what I'm trying to do.

I have a webpage, there are two text boxes, ones says username the other says password. I was the user to login and will have to use an if statment for that. The users name and password are stored in my database. Would I have to use a while() to go through every username till it found the right one or does php and mysql have a field search function?

Also after they are logged in I need to reuse their username and password a few times so they only need login once, whats the best and most secure way to do that using a session variable?

-script

#2 gmwebs

gmwebs
  • Members
  • PipPipPip
  • Advanced Member
  • 174 posts
  • LocationLondon

Posted 25 October 2006 - 09:05 PM

This code answers all your questions... Feel free to ask questions if you don't understand something in the code...

<?php

// Convert POST data to simple variables
$username = $_POST['txtusername'];
$password = $_POST['txtuserpass'];

// Convert password to md5 hash
	$password = md5($password);

// check if the user info validates the db
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1'"); //Always try not to use * if you can specify individual fields instead
$login_check = mysql_num_rows($sql);

if($login_check > 0){
	while($row = mysql_fetch_array($sql)){
	foreach( $row AS $key => $val ){
		$$key = stripslashes( $val );
	}
		// Register some session variables!
		session_register('user_name');
		$_SESSION['user_name'] = $username;
		session_register('userid');
		$_SESSION['userid'] = $userid;
		session_register('first_name');
		$_SESSION['first_name'] = $first_name;
		session_register('last_name');
		$_SESSION['last_name'] = $last_name;
		session_register('email_address');
		$_SESSION['email_address'] = $email_address;
		session_register('special_user');
		$_SESSION['user_level'] = $user_level;
		$_SESSION['basic_is_logged_in'] = true;

		mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");

	}
}

?>





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users