Page 1 of 1

Secure Login Session

Posted: Wed Sep 17, 2008 5:30 am
by avirup
HI...I am new to PHP and to session also...
I have made a code for my user account ...login...can anybody help me to make it secure using session or cookie

Code: Select all

<?php 
session_start();
require("functions.php"); ?>
<?php
//connecting to the database
dbconnect();
 
//fetching data from the form 
$uname=check_input($_POST['username'],"Please enter your name");
$pword=check_input($_POST['password'],"Please enter your password");
 
//fetching data from the database 
$result=mysql_query("SELECT * FROM `login_user`           
                             WHERE `username`='$uname'") or die(mysql_error());
                             
$row=mysql_fetch_array($result);
$un = $row['username'];
$pw = $row['password'];
$uid= $row['user_id'];
 
//Date 
$today = date("F j, Y, g:i a");
 
//ip address fetching
$ip=getenv("REMOTE_ADDR");
echo "$ip";
 
//setting the lifetime of a session
ini_set("session.gc_maxlifetime", "18000"); 
 
//checking the user input with the database table
if(($un==$uname)&&($pw==$pword)) 
{
$_SESSION['suname'] = $un;
$_SESSION['spw'] = $pw;
$_SESSION['suid'] = $uid; 
$_SESSION['sip'] = $ip; 
 
$ret = mysql_query("INSERT INTO `fcdb`.`member` (`user_id`, 
                                          `uname`,
                                          `pwd`,
                                          `ip`,
                                          `j_date`)  
                    VALUES ('$uid',
                            '$un',
                            '$pw',
                            '$ip',
                            '$today')") or die(mysql_error());
}
 
if((!session_is_registered('suname'))&&(!session_is_registered('spw'))) 
{
header("location:error_login.php");
}
else
{
header("location:user_home.php");
}                       
?>