basic security
Posted: Mon Jun 11, 2007 5:01 am
feyd | Please use code and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171) to learn how to do it too.

Is the following function enough for secure login:

Code:
function checkUser(){
    if ((!isset($_SESSION['validUser'])) || ($_SESSION['validUser'] != true)){
        header('Location: login.php'); // if the user is not logged in they are redirected to the login page
    }
}

Every file with protected data starts with:

Code:
<?php
checkUser(); //checking if user logged in
?>

The login function:

Code:
session_start();
function loginUser($user,$pass){
    $errorText = '';
    $validUser = false;
    require 'details.php'; //details for database
    $con = @mysql_connect($dhost, $duser, $dpass);
    if (!$con)
    {
        die('Could not connect: ' . mysql_error());
    }
    @mysql_select_db($databasename, $con);
    $result = @mysql_query("SELECT username, password from users");
    $row = @mysql_fetch_array($result);
    $usern = $row['username'];
    $passw = $row['password'];
    // check password
    if ($usern == $user && $passw == $pass)
    {
        $validUser = true;
        $_SESSION['userName'] = $user;
    }
    if ($validUser != true) $errorText = "Invalid username or password!";
    if ($validUser == true) $_SESSION['validUser'] = true;
    else $_SESSION['validUser'] = false;
    return $errorText;
}
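
A hardened counterpart to the three snippets in the post, as an added example that is not part of the original post or the poster's code. It addresses three things visible in the posted code: the redirect with no `exit` after it, the query that reads only the first row of `users`, and the plaintext password comparison. Assumptions: a `users(username, password_hash)` table, PDO in place of the `mysql_*` functions (which were removed in PHP 7), and a hypothetical helper named `requireLogin()`.

```php
<?php
// Added example (not the poster's code). Assumed schema: users(username, password_hash).
function loginUser(PDO $db, string $user, string $pass): string
{
    // Fetch only the submitted user's row, with a bound parameter.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();

    // Compare against a stored hash; the database never holds the plaintext.
    if ($hash === false || !password_verify($pass, $hash)) {
        $_SESSION['validUser'] = false;
        return 'Invalid username or password!';
    }
    // Issue a fresh session id at login so a pre-login id is not carried over.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['validUser'] = true;
    $_SESSION['userName'] = $user;
    return '';
}

function checkUser(): bool
{
    // Strict comparison: only boolean true counts as logged in.
    return isset($_SESSION['validUser']) && $_SESSION['validUser'] === true;
}

function requireLogin(): void // hypothetical helper for the top of protected files
{
    if (!checkUser()) {
        header('Location: login.php');
        exit; // without this the rest of the protected page still runs and is sent
    }
}

// Constructed demo data: in-memory SQLite (needs pdo_sqlite), run from the CLI.
if (PHP_SAPI === 'cli') {
    $_SESSION = [];
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)');
    $ins = $db->prepare('INSERT INTO users VALUES (?, ?)');
    $ins->execute(['alice', password_hash('constructed-pass-1', PASSWORD_DEFAULT)]);
    $ins->execute(['bob', password_hash('constructed-pass-2', PASSWORD_DEFAULT)]);
    var_dump(loginUser($db, 'bob', 'constructed-pass-1'), checkUser());
    var_dump(loginUser($db, 'bob', 'constructed-pass-2'), checkUser());
}
```

In a web request, call `session_start()` before either function, as the posted code does.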