Jump to content

Archived

This topic is now archived and is closed to further replies.

script

php security and session variables

Recommended Posts

Alright guys heres what I'm trying to do.

I have a webpage, there are two text boxes, ones says username the other says password. I was the user to login and will have to use an if statment for that. The users name and password are stored in my database. Would I have to use a while() to go through every username till it found the right one or does php and mysql have a field search function?

Also after they are logged in I need to reuse their username and password a few times so they only need login once, whats the best and most secure way to do that using a session variable?

-script

Share this post


Link to post
Share on other sites
This code answers all your questions... Feel free to ask questions if you don't understand something in the code...

[code]
<?php

// Convert POST data to simple variables
$username = $_POST['txtusername'];
$password = $_POST['txtuserpass'];

// Convert password to md5 hash
$password = md5($password);

// check if the user info validates the db
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1'"); //Always try not to use * if you can specify individual fields instead
$login_check = mysql_num_rows($sql);

if($login_check > 0){
while($row = mysql_fetch_array($sql)){
foreach( $row AS $key => $val ){
$$key = stripslashes( $val );
}
// Register some session variables!
session_register('user_name');
$_SESSION['user_name'] = $username;
session_register('userid');
$_SESSION['userid'] = $userid;
session_register('first_name');
$_SESSION['first_name'] = $first_name;
session_register('last_name');
$_SESSION['last_name'] = $last_name;
session_register('email_address');
$_SESSION['email_address'] = $email_address;
session_register('special_user');
$_SESSION['user_level'] = $user_level;
$_SESSION['basic_is_logged_in'] = true;

mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");

}
}

?>
[/code]

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.