Posted: Mon Jan 11, 2010 10:30 pm
Need expert advice about production environment, security, and session
New to PHP and I am building a login system. This is the way I think; the database handling part is not integrated yet.
The HTML form calls login.php; by using userMan.php I decided to authenticate the user and manage the session. To log out I use the endUserSession() function. To go ahead from this point, I need some comments to carry on the work. Thanks in advance
Login.php
<?php
require_once("userManage.php");
// Read the form fields defensively: a missing key would otherwise raise a notice
$userID   = isset($_POST['userID'])   ? $_POST['userID']   : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';
$a = new UserMan();
if ($a->auth($userID, $password)) {
    $a->startUserSession($userID);
    header("Location: loginsuccess.php");
    exit; // a redirect header alone does not stop the script
} else {
    print "Invalid";
}
?>
userManage.php
<?php
class UserMan {
    function auth($pUserID, $pPassword) {
        // database part here / for test purposes allow login when user id and password are equal
        // (strict comparison so PHP does not treat numeric-looking strings loosely)
        if ($pUserID === $pPassword) {
            return true;
        } else {
            return false;
        }
    } // auth()

    function isSession() {
        // $_SESSION is only populated after session_start(), so start it here if needed
        if (session_id() === '') {
            session_start();
        }
        if (isset($_SESSION['userID'])) {
            return true;
        } else {
            return false;
        }
    } // isSession()

    function startUserSession($pUserID) {
        session_start();
        // issue a fresh session id on login so an id set before login cannot be reused (session fixation)
        session_regenerate_id(true);
        $_SESSION["userID"] = $pUserID;
    } // startUserSession()

    function endUserSession() {
        session_start();
        $_SESSION = array(); // clear all session data, not only userID
        session_destroy();
        header("Location: loggedOut.html");
        exit; // stop the script after the redirect
    } // endUserSession()
} // class UserMan
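As an added example, not the poster's code: the database part the post leaves out, done with PDO prepared statements and password_hash()/password_verify(), plus a startUserSession() that regenerates the session id on login. It assumes PHP 7.4+ with pdo_sqlite and a users table with userID and password_hash columns; the table, the account and the passwords are constructed for this demo.

```php
<?php
// Added example (not the poster's code): database-backed auth() for UserMan.
// Assumes a table `users` with columns `userID` and `password_hash` holding
// the output of password_hash($plain, PASSWORD_DEFAULT).
declare(strict_types=1);

class UserManDb
{
    private PDO $db;
    public function __construct(PDO $db) { $this->db = $db; }

    // Store only the password hash, never the plaintext.
    public function register(string $userID, string $password): void
    {
        $stmt = $this->db->prepare('INSERT INTO users (userID, password_hash) VALUES (:u, :h)');
        $stmt->execute([':u' => $userID, ':h' => password_hash($password, PASSWORD_DEFAULT)]);
    }

    // Prepared statement (no SQL built from user input) plus a constant-time
    // hash comparison via password_verify().
    public function auth(string $userID, string $password): bool
    {
        $stmt = $this->db->prepare('SELECT password_hash FROM users WHERE userID = :u');
        $stmt->execute([':u' => $userID]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        // Unknown user: verify against a dummy hash anyway so response time
        // does not reveal whether the account exists.
        $hash = is_array($row) ? $row['password_hash'] : password_hash('dummy', PASSWORD_DEFAULT);
        return is_array($row) && password_verify($password, $hash);
    }

    // Regenerate the session id on login so an id set before authentication
    // (session fixation) is not kept.
    public function startUserSession(string $userID): void
    {
        session_start();
        session_regenerate_id(true);
        $_SESSION['userID'] = $userID;
    }
}

// Demo with an in-memory SQLite database and constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userID TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$um = new UserManDb($db);
$um->register('alice', 'correct horse battery staple');
var_dump($um->auth('alice', 'correct horse battery staple'), $um->auth('alice', 'alice'), $um->auth('nobody', 'x'));
```

Running it from the command line shows the three auth() results: only the correct password for the registered account succeeds.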