php5 user authentication and remember me function
Posted: Fri Feb 13, 2009 8:14 pm
Hi guys,
I guess you guys will laught at my azz. I jus started using php like 2 months ago. I was developing web applicationusing java using appfuse framework. I need to find an example for implementing user authentication and remember me function. Can anyone give me show where can i get those info.
I have seen some example where after user has been authenticated, they set a flag to 1 like below:
session_start();
$_SESSION['authenticated'] = 1;
or some even just set the username in the session like
$_SESSION['username'] = 'markthien';
so in every secure pages which they just check if the session variable is set like below:
if (!isset($_SESSION['username']) {
// redirect to login page
} else {
// display the secure page
}
I am just wondering is this a proper way or secure way to check if user is logon? is it possible for some hacker to like change the 'authenticated' session variable to 1 then they don't even need to login and able to access the secure page?
appreciate any help please.
thanks & regards,
Mark
I guess you guys will laught at my azz. I jus started using php like 2 months ago. I was developing web applicationusing java using appfuse framework. I need to find an example for implementing user authentication and remember me function. Can anyone give me show where can i get those info.
I have seen some example where after user has been authenticated, they set a flag to 1 like below:
session_start();
$_SESSION['authenticated'] = 1;
or some even just set the username in the session like
$_SESSION['username'] = 'markthien';
so in every secure pages which they just check if the session variable is set like below:
if (!isset($_SESSION['username']) {
// redirect to login page
} else {
// display the secure page
}
I am just wondering is this a proper way or secure way to check if user is logon? is it possible for some hacker to like change the 'authenticated' session variable to 1 then they don't even need to login and able to access the secure page?
appreciate any help please.
thanks & regards,
Mark