Secure Login Session
Posted: Wed Sep 17, 2008 5:30 am
HI...I am new to PHP and to session also...
I have made a code for my user account ...login...can anybody help me to make it secure using session or cookie
I have made a code for my user account ...login...can anybody help me to make it secure using session or cookie
Code: Select all
<?php
session_start();
require("functions.php"); ?>
<?php
//connecting to the database
dbconnect();
//fetching data from the form
$uname=check_input($_POST['username'],"Please enter your name");
$pword=check_input($_POST['password'],"Please enter your password");
//fetching data from the database
$result=mysql_query("SELECT * FROM `login_user`
WHERE `username`='$uname'") or die(mysql_error());
$row=mysql_fetch_array($result);
$un = $row['username'];
$pw = $row['password'];
$uid= $row['user_id'];
//Date
$today = date("F j, Y, g:i a");
//ip address fetching
$ip=getenv("REMOTE_ADDR");
echo "$ip";
//setting the lifetime of a session
ini_set("session.gc_maxlifetime", "18000");
//checking the user input with the database table
if(($un==$uname)&&($pw==$pword))
{
$_SESSION['suname'] = $un;
$_SESSION['spw'] = $pw;
$_SESSION['suid'] = $uid;
$_SESSION['sip'] = $ip;
$ret = mysql_query("INSERT INTO `fcdb`.`member` (`user_id`,
`uname`,
`pwd`,
`ip`,
`j_date`)
VALUES ('$uid',
'$un',
'$pw',
'$ip',
'$today')") or die(mysql_error());
}
if((!session_is_registered('suname'))&&(!session_is_registered('spw')))
{
header("location:error_login.php");
}
else
{
header("location:user_home.php");
}
?>