kaliok Posted June 20, 2007

I am having a few problems dealing with the aspects of security on PHP pages. Having read several books and looked at several web pages about it, I am still having a few problems bringing it all together or finding a practical example. The following is what I am using, and I would be very grateful if someone with knowledge of such things could look at what I have used and tell me if the code is secure enough to hold off the majority of session fixation and session hijacking attempts.

<?php
if (isset($_POST['submitted'])) {
    // mysql_connect.php is assumed to open the connection and define escape_data()
    // (a wrapper around mysql_real_escape_string()).
    require_once ('mysql_connect.php');
    $errors = array();

    if (empty($_POST['name'])) {
        $errors[] = 'You forgot to enter your name.';
    } else {
        $n = escape_data($_POST['name']);
    }

    if (empty($_POST['password'])) {
        $errors[] = 'You forgot to enter your password.';
    } else {
        $p = escape_data($_POST['password']);
    }

    if (empty($errors)) {
        $query = "SELECT user_id, adminName FROM adminstaff WHERE user_id='$n' AND user_password=SHA('$p')";
        $result = @mysql_query($query); // Run the query.
        $row = mysql_fetch_array($result, MYSQL_NUM);

        if ($row) {
            // Login succeeded: store the user and a fingerprint of the browser in the session.
            session_start();
            $_SESSION['user_id'] = $row[0];
            $_SESSION['adminName'] = $row[1];
            $_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']);
            $_SESSION['PREV_REMOTEADDR'] = $_SERVER['REMOTE_ADDR'];

            // Build an absolute URL to the admin page and redirect there.
            $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
            if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\')) {
                $url = substr($url, 0, -1);
            }
            $url .= '/adminpages.php';
            header("Location: $url");
            exit();
        } else {
            $errors[] = 'The name and password entered do not match those on file.';
        }
    }
    mysql_close();
} else { // Form has not been submitted.
    $errors = NULL;
}

$page_title = 'Login';
include ('header.html');

if (!empty($errors)) {
    echo '<div align="center"><h1>Error!</h1> <p class="error">The following errors occurred:<br />';
    foreach ($errors as $msg) {
        echo " - $msg<br />\n";
    }
    echo '</p><p>Please try again.</p></div>';
}
?>
<div align='center'><h2>Login</h2></div>
<form action="login.php" method="post">
<div align='center'><table>
<tr><td>Name:</td><td><input type="text" name="name" size="20" maxlength="40" /></td></tr>
<tr><td>Password: </td><td><input type="password" name="password" size="20" maxlength="20" /></td></tr>
</table></div>
<div align='center'>
<input type="submit" name="submit" value="Login" />
<input type="hidden" name="submitted" value="TRUE" />
</div>
</form>

And then the next page is what I want to put on subsequent pages (although I would change the line that reads:

if ($_SERVER['HTTP_REFERER']!=$www.'welcomeadmin.php')

to the corresponding page it was meant to come from):

<?php
session_start();
session_regenerate_id(true);

// Send the client back to the login page unless the session carries a matching browser fingerprint.
if (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT']))) {
    $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
    if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\')) {
        $url = substr($url, 0, -1);
    }
    $url .= '/login.php';
    header("Location: $url");
    exit();
}
//------------------------------------------------------------------------------
// dbstuff.inc.php is assumed to define $address, $username, $password, $database and $www (the site's base URL).
include("dbstuff.inc.php");
mysql_connect($address, $username, $password);
@mysql_select_db($database) or die("Unable to select database");

if ($_SERVER['HTTP_REFERER'] != $www.'adminpages.php') {
    $url = "";
    $url .= $www.'/login.php'; // Add the page.
    header("Location: $url");
    exit(); // Without this the rest of the page is still sent to the client after the redirect header.
}
?>
<html>
<head>
</head>
<body>
[the rest of the page's html and php code would go here]
</body>
</html>
<?php mysql_close(); ?>

If the above is wrong in some way perhaps someone could suggest what I need to specifically change in the code to get it working.
I understand that the type of security I want will depend on what I am doing in the pages themselves, but for now what I want to be sure of is that the above code is right for stopping the majority of people getting to a page they shouldn't be on by force or by accident. Thanks for any help and/or advice in advance.
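The following is an added example and not kaliok's code. It keeps the shape of the post (a login routine that binds a user-agent fingerprint to the session, and a check run at the top of every protected page that redirects to login.php) and adds the pieces that address the two attacks the post asks about: session_regenerate_id(true) is called right after a successful login so a session id that was planted before login never becomes the logged-in id, the session gets an absolute lifetime, and the HTTP_REFERER comparison is dropped because that header is chosen by the client and so cannot act as an access control. It also goes beyond the post's era by using a PDO prepared statement instead of SQL built from the form fields and password_hash()/password_verify() instead of MySQL's SHA(). Assumptions: PHP 7.3 or later with PDO and the sqlite driver; the adminstaff table and its single row are constructed sample data held in memory, so the script runs offline from the command line.

```php
<?php
// Added example, not the original post's code. Login and per-page session check
// with session fixation and hijacking defences. Constructed sample data only.

function open_db(): PDO {
    // In-memory SQLite stands in for the MySQL adminstaff table (assumption).
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE adminstaff (user_id TEXT PRIMARY KEY, adminName TEXT, user_password TEXT)');
    $ins = $pdo->prepare('INSERT INTO adminstaff VALUES (?, ?, ?)');
    // Constructed admin row; the stored value is a salted hash, never the password.
    $ins->execute(['alice', 'Alice Admin', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

function ensure_session(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // Cookie not readable from script and not sent on cross-site navigation;
        // add 'secure' => true once the site is served over HTTPS.
        session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
        session_start();
    }
}

function fingerprint(): string {
    // Same idea as the post's md5(HTTP_USER_AGENT), with a stronger hash.
    return hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
}

// Returns true and populates the session on success, false on any failure.
function login(PDO $pdo, string $name, string $password): bool {
    $stmt = $pdo->prepare('SELECT user_id, adminName, user_password FROM adminstaff WHERE user_id = ?');
    $stmt->execute([$name]);           // bound value: quotes inside $name stay data
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['user_password'])) {
        return false;
    }
    ensure_session();
    session_regenerate_id(true);       // fresh id, old session data deleted
    $_SESSION['user_id']    = $row['user_id'];
    $_SESSION['adminName']  = $row['adminName'];
    $_SESSION['agent']      = fingerprint();
    $_SESSION['login_time'] = time();
    return true;
}

// Run at the top of every protected page instead of comparing HTTP_REFERER.
function is_authenticated(int $max_age = 3600): bool {
    ensure_session();
    if (empty($_SESSION['user_id']) || empty($_SESSION['agent'])) {
        return false;
    }
    if (!hash_equals($_SESSION['agent'], fingerprint())) {
        return false;                  // session presented from a different client
    }
    return (time() - ($_SESSION['login_time'] ?? 0)) <= $max_age;
}

function require_admin(string $login_url): void {
    if (!is_authenticated()) {
        header('Location: ' . $login_url);
        exit();                        // header() alone does not stop the page
    }
}

// Offline self-check. It produces no output before session_start(), so the
// session cookie header can still be set when run from the CLI.
function demo(): array {
    $_SERVER['HTTP_USER_AGENT'] = 'example-browser/1.0';   // constructed
    $pdo = open_db();
    $r = [];
    $r['wrong password']   = login($pdo, 'alice', 'wrong');
    $r['quote in name']    = login($pdo, "alice' OR '1'='1", 'x');   // no such user; the quote is data
    $r['correct']          = login($pdo, 'alice', 'correct horse');
    $r['same client']      = is_authenticated();
    $_SERVER['HTTP_USER_AGENT'] = 'other-browser/2.0';     // same session id, different browser
    $r['different client'] = is_authenticated();
    return $r;
}

if (PHP_SAPI === 'cli') {
    var_dump(demo());
}
```

On a real page the top of each protected file would be `require_admin('/login.php');` followed by the page body; the only state the page trusts is what login() wrote into $_SESSION after verifying the password, so the client's own headers (Referer, or the session id it arrived with) never decide access on their own. The fingerprint check is still only a weak hijacking mitigation, since the user-agent string is visible to anyone who can observe the session cookie, which is why the session is also bound to an absolute lifetime and why the cookie is marked HttpOnly and should be marked Secure over HTTPS.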