subject:"RE\: \[PHP\] saving sessions"

RE: [PHP] saving sessions

2011-08-05 Thread Florian Müller


But please do not use cookies to store a password as code! Cookies are human 
readable with some add-ons

Check like this:

if someone registers, insert it into a table:

?php
$username = mysql_real_escape_string($_POST[username]);
$password = md5($_POST[password]);
mysql_query(INSERT INTO USER VALUES(' . $username . ',' . $password . '));
header('location: register_success.php');
?

Then, if someone wants to log in, use like this:

?php
$username = mysql_real_escape_string($_POST[username]);
$password = md5($_POST[password]);
$sel = SELECT * FROM USER WHERE USERNAME = ' . $username . ' AND PASSWORD = 
' . $password . ';
$unf = mysql_query($sel);
$count = mysql_num_rows($unf);
if ($count == 1) {
header('location: login_success.php');
}
else {
echo Login not successful!;
}
?

If you want to store something into cookies, use a name which is not good 
understandable, like a shortcut for a logical sentense:

Titcftmws   (This is the cookie for the main webSite) or something ^^

In there, you can save username and password, but PLEASE save the password at 
least md5()-encryptet, so not everyone can save it.

Now you can check like this:

?php
if ($_COOKIE['Titcftmws'] == mysql_real_escape_string($_POST[username]) . | 
. md5($_POST[password])) {
//in the cookie is for the user with username 'jack' and password 'test' 
this value: jack|098f6bcd4621d373cade4e832627b4f6
echo you are logged in;
}
else {
echo not logged in!;
}
?

This is as far as I know a quite high level of security, in comparisions with 
other ways.

Regs, Flo



 From: midhungir...@gmail.com
 Date: Fri, 5 Aug 2011 08:20:11 +0530
 To: wilp...@me.com
 CC: php-general@lists.php.net
 Subject: Re: [PHP] saving sessions
 
 On Sat, Aug 6, 2011 at 7:56 AM, wil prim wilp...@me.com wrote:
 
  Hello, im new to the whole storing sessions thing and I really dont know
  how to ask this question, but here it goes.  So on my site when someone logs
  in the login.php file checks for a the username and password in the table i
  created, then if it finds a match it will store a $_SESSION [] variable. To
  be exact the code is as follows:
  if ($count=='1')
  {
  session_start();
  $_SESSION['user']=$user;   // $user is the $_POST['user'] from the login
  form
  header('location: login_success.php');
  }
 
  Now what i would like to know is how do i make my website save new changes
  the user made while in their account?
 
  thanks!
 
 
 
 You will have to store the user account related data in the database for
 persistence Or if the site not having a 'user account system'  you may
 use cookies to store the settings...
 
 
 
 Midhun Girish

Re: [PHP] saving sessions

2011-08-04 Thread Midhun Girish

On Sat, Aug 6, 2011 at 7:56 AM, wil prim wilp...@me.com wrote:

 Hello, im new to the whole storing sessions thing and I really dont know
 how to ask this question, but here it goes.  So on my site when someone logs
 in the login.php file checks for a the username and password in the table i
 created, then if it finds a match it will store a $_SESSION [] variable. To
 be exact the code is as follows:
 if ($count=='1')
 {
 session_start();
 $_SESSION['user']=$user;   // $user is the $_POST['user'] from the login
 form
 header('location: login_success.php');
 }

 Now what i would like to know is how do i make my website save new changes
 the user made while in their account?

 thanks!



You will have to store the user account related data in the database for
persistence Or if the site not having a 'user account system'  you may
use cookies to store the settings...



Midhun Girish

RE: [PHP] saving sessions

Re: [PHP] saving sessions

2 matches

Site Navigation

Mail list logo

Footer information