Login forms and sessions

Post by impulse() »

Hopefully you can help me in evaluating security.
At the moment I have a shop site, it's not open to the public, it's just a test site. And I have a login form on the left with a username and password field and a submit button. When the user hits submit it takes them to a different PHP form where it determines if the user and password match those in a DB, if it doesn't a variable ($loggedIn) continues to be '0' but if the details do match those in a DB the value of $loggedIn is changed to '1'. $loggedIn is a session variable by the way.
If the main website detects that $loggedIn is equal to 1 it displays admin tools such as buttons and text fields to edit and add DB entries.

Is this a safe way of running a site or is this sufficient?

Regards,

Re: Login forms and sessions

Post by volka »

impulse() wrote: $loggedIn is a session variable by the way.
Then you're using the old, stone-age session_register().
Use $_SESSION instead. See http://de2.php.net/manual/en/ref.session.php
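
An added example (not code from the thread) of the flow impulse() describes, written with $_SESSION as volka suggests rather than session_register(). The in-memory user list, the function names and the use of password_hash()/password_verify() are assumptions; the thread only says the credentials are compared against a DB.

```php
<?php
declare(strict_types=1);

session_start(); // needed on every page that reads or writes $_SESSION

// Constructed stand-in for the DB lookup (assumption): username => password hash.
$users = ['admin' => password_hash('example-password', PASSWORD_DEFAULT)];

function attemptLogin(array $users, string $username, string $password): bool
{
    $hash = $users[$username] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        $_SESSION['loggedIn'] = false;
        return false;
    }
    session_regenerate_id(true); // fresh session id once the privilege level changes
    $_SESSION['loggedIn'] = true;
    return true;
}

function isLoggedIn(): bool
{
    // Strict check: only the boolean set by attemptLogin() counts.
    return ($_SESSION['loggedIn'] ?? false) === true;
}

// Login handler: the script the form posts to.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $user = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $pass = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
    attemptLogin($users, $user, $pass);
}

// Main site: the flag lives server-side in the session, never in the request.
if (isLoggedIn()) {
    echo 'admin tools';
} else {
    echo 'login form';
}
```

The same isLoggedIn() check belongs at the top of the scripts that actually edit or add DB entries, not only around the buttons that lead to them.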

Post by Luke »

Other than what volka said, you're on the right track.