YES YOU WOULD WANT TO PROTECT GET AND POST DATA.
Lets start with making a default session function
that will always be the values for session data unless
the user correctly logs in:
Code: Select all
function session_defaults() {
$_SESSION['logged'] = 'false';
$_SESSION['userid'] = 'false';
$_SESSION['password'] = 'false';
$_SESSION['username'] = 'Guest';
}Code: Select all
if($_SESSION['loginname']=='Guest' || $_SESSION['logged']=='false' || $_SESSION['userid']=='false' || $_SESSION['password']=='false')
{
echo "
<div align='center'>
<h1>Login</h1>
<p><form method='post' action=''>
Username: <input type='text' name='username' /><br />
Password: <input type='password' name='password' /><br />
<input type='submit' name='submit' value='Log in' />
</form></p>
</div>
";
exit;
}Code: Select all
if ($_POST['submit'])&& $_POST['username'] && $_POST['password'])
{
$username = $_POST['username'];
$password = sha1($_POST['password']);
$sql = mysql_query("SELECT * FROM table WHERE name='$username' AND pass='$password'");
$login_check = mysql_num_rows($sql);
if($login_check > 0)
{
while($row = mysql_fetch_array($sql))
{
$_SESSION['displayname']= $username;
$_SESSION['loginname'] = sha1($username);
$_SESSION['password'] = sha1($password);
$_SESSION['logged'] = sha1('yes');
$_SESSION['userid'] = sha1($row['userid']);
}
}
else if ($login_check == 0)
{
session_defaults();
echo "<p align='center'>Please Try Again!</p>";
}
}into SHA1? Except for the 'displayname' which would be used to
say hi to the user or something......
whatcha think?