Is an SSL encryption with session based redirect secure enough?


greenace92


I'm working on a project manager site where I can show project files to authorized users, those being members of the site.

 

So far the pages have a basic "if the session is empty, redirect" check, but I wonder if that is safe enough?

 

I want to have the photos/text not accessible to the public.

Where should I look for this?


  • 2 weeks later...

Hello scootstah,

 

Thank you for your response.

 

I apologize that it's been a while.

 

This is what I have been using; I made this a while ago and it is really messy. I'm not sure if it is correct. It works as far as setting the session and with exit, but it's sort of sporadic.

 

This is test_input, something I picked up from W3Schools, I think. I have been told not to use some of the filters because of special characters that users may enter; I'll have to see what each one does.

function test_input($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

The triple-s password is to distinguish it from the password used to access the database where users are stored; this was before I adopted including a database login file.

if (empty($errors)) {
    $company_name = test_input($_POST['company_name']);
    $passsword    = $_POST['passsword'];   // form field is spelled with three s's on purpose

    $stmt = $link->prepare('SELECT company, hash FROM companies WHERE company = ?');
    $stmt->bind_param('s', $company_name);

    $authenticated = false;
    if ($stmt->execute()) {
        $stmt->bind_result($company_name_from_db, $hash_from_db);
        // password_verify() checks the submitted password against the stored bcrypt hash.
        // Re-hashing the submitted password with password_hash() (the old $hash line)
        // produced a value that was never used, so it is removed.
        if ($stmt->fetch()
            && $company_name_from_db == $company_name
            && password_verify($passsword, $hash_from_db)) {
            $authenticated = true;
        }
    }
    $stmt->close();
    $link->close();

    if ($authenticated) {
        $_SESSION['company'] = $company_name_from_db;
        Redirect('site_url', false);   // exits, nothing below runs
    }

    // Every failure path set the same generic errors and then reloaded the page.
    $errors['password']     = "error";
    $errors['company_name'] = "error";
    $host = $_SERVER['HTTP_HOST'];
    $uri  = $_SERVER['REQUEST_URI'];
    header("Location: http://$host$uri");
    exit;
}

// Moved out of the if-block: a function declared inside a conditional is only
// defined when that branch runs. Declared at file level it is available everywhere.
function Redirect($url, $permanent = false)
{
    if (headers_sent() === false) {
        header('Location: ' . $url, true, ($permanent === true) ? 301 : 302);
    }
    exit();
}
Edited by greenace92
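An added example (not the poster's code) of what the session check above looks like when it is the only thing standing between the public and the project files: a guard included by every members-only page, session id regeneration at login, and a download script that serves files from a directory outside the web root, so that a direct URL to a photo cannot bypass the check. The path /var/www/private, the query parameter f and the function names are assumptions.

```php
<?php
// Added example, not the poster's code: a login guard for member-only pages
// plus a download endpoint that serves files from outside the web root.
const PRIVATE_DIR = '/var/www/private';   // assumed location, not web-reachable

// Include at the very top of every protected page; returns the logged-in company.
function require_login(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['company'])) {
        header('Location: /login.php', true, 302);
        exit; // without exit the rest of the page would still be sent
    }
    return $_SESSION['company'];
}

// Call right after password_verify() succeeds: a fresh session id means an id
// handed out before login cannot be reused afterwards.
function establish_session(string $company): void
{
    session_regenerate_id(true);
    $_SESSION['company'] = $company;
}

// Map a requested file name to a real path inside this company's folder,
// rejecting directory parts, paths resolving outside it, and non-files.
function resolve_private_file(string $company, string $name): ?string
{
    if ($name === '' || $name !== basename($name)) {
        return null;
    }
    $base = realpath(PRIVATE_DIR . '/' . $company);
    $path = $base === false ? false : realpath($base . '/' . $name);
    if ($path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

// download.php?f=plan.pdf  ($_SESSION['company'] is what login stored)
$path = resolve_private_file(require_login(), $_GET['f'] ?? '');
if ($path === null) {
    http_response_code(404);
    exit;
}
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
readfile($path);
```

The guard by itself does nothing for files that sit in a web-accessible folder, which is why the files are read by the script from a directory the web server does not expose.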