Webmaster-Talk.com > Coding Talk > PHP Forum > Login Script and Checking

Reply
Login Script and Checking
Old 08-05-2004, 10:13 AM Login Script and Checking
Super Talker

Posts: 121
Trades: 0
Talkupation: vegancoder will become famous soon enough
I am trying to write a set of functions and other useful things to aid in the development of my sites, one of them is my login script and the login checking.

Here is how it works the user logs in through a form and a session is created that holds information about the user, each page then checks to see if the session has benn created and if it hasnt sends the user to the login page. Here is my code

This is the login code that handles the logging in process...
PHP Code:
include('db.php'); //include the database information

$username $_POST["username"]; //get variables from login page
$password $_POST["password"];

$result mysql_query("SELECT * from users WHERE user='$username'and password='$password'")
   or die ("Name and password not found or not matched");

$worked mysql_fetch_array($result);

$id $worked[id];
$username $worked[user];
$password $worked[password];
$email $worked[email];


if($worked){
    $_SESSION['id'] = $id;
    $_SESSION['logged_in'] = "yes";
    $_SESSION['user_name'] = $username;
    $_SESSION['password'] = $password;
    $_SESSION['user_email'] = $email;
    include('cpanel.php');
    }
else{
    echo "Name and password not found or not matched";
    }
mysql_close(); 
...and here is the code to check if they are logged in

PHP Code:
if ($_SESSION['logged_in'] != "yes"){
    echo "<div align=\"center\"> You must be logged in to view this page!<br><a href=\"index.php?page=admin/loginform\">Click here to login</a>";
    exit;
//check to see if user is logged in or not if not send to login page 
Can anyone tell me if this is secure or not? And can you suggest any improvements?

Or if you think its good you can tell me that aswell

Thanks alot!
vegancoder is offline
Reply With Quote
View Public Profile
 
 
When You Register, These Ads Go Away!
Old 08-05-2004, 11:16 AM
Unknown.

Posts: 1,693
Trades: 0
Talkupation: Dark-Skys99 is on a distinguished road
The best way would be checking if the session exists and if not you can redirect them or display a message...

e.g

PHP Code:
session_start();
if (!session_is_registered("logged_in")) {
header("Location: loginpage.php");
exit; } 
or

PHP Code:
session_start();
if (!session_is_registered("logged_in")) {
echo "You are not logged in";
exit; } 
This way if the session doesnt exist they cannot view the page..

-James
Dark-Skys99 is offline
Reply With Quote
View Public Profile
 
Reply     « Reply to Login Script and Checking
 
Previous Thread | Next Thread Webmaster-Talk.com > Coding Talk > PHP Forum > Login Script and Checking

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Webmaster Resources Marketplace:
Software Development Company | Webhosting.UK.com | Text Link Brokers | Dedicated Server Hosting | Managed Hosting 


   
RSS Feed  Feeds: RSS   JS   XML
RSS Feed  Feeds for this forum: RSS   JS   XML

 



Page generated in 0.12083 seconds with 13 queries