But please do not use cookies to store a password as code! Cookies are human
readable with some add-ons
Check like this:
if someone registers, insert it into a table:
?php
$username = mysql_real_escape_string($_POST[username]);
$password = md5($_POST[password]);
mysql_query(INSERT INTO USER VALUES(' . $username . ',' . $password . '));
header('location: register_success.php');
?
Then, if someone wants to log in, use like this:
?php
$username = mysql_real_escape_string($_POST[username]);
$password = md5($_POST[password]);
$sel = SELECT * FROM USER WHERE USERNAME = ' . $username . ' AND PASSWORD =
' . $password . ';
$unf = mysql_query($sel);
$count = mysql_num_rows($unf);
if ($count == 1) {
header('location: login_success.php');
}
else {
echo Login not successful!;
}
?
If you want to store something into cookies, use a name which is not good
understandable, like a shortcut for a logical sentense:
Titcftmws (This is the cookie for the main webSite) or something ^^
In there, you can save username and password, but PLEASE save the password at
least md5()-encryptet, so not everyone can save it.
Now you can check like this:
?php
if ($_COOKIE['Titcftmws'] == mysql_real_escape_string($_POST[username]) . |
. md5($_POST[password])) {
//in the cookie is for the user with username 'jack' and password 'test'
this value: jack|098f6bcd4621d373cade4e832627b4f6
echo you are logged in;
}
else {
echo not logged in!;
}
?
This is as far as I know a quite high level of security, in comparisions with
other ways.
Regs, Flo
From: midhungir...@gmail.com
Date: Fri, 5 Aug 2011 08:20:11 +0530
To: wilp...@me.com
CC: php-general@lists.php.net
Subject: Re: [PHP] saving sessions
On Sat, Aug 6, 2011 at 7:56 AM, wil prim wilp...@me.com wrote:
Hello, im new to the whole storing sessions thing and I really dont know
how to ask this question, but here it goes. So on my site when someone logs
in the login.php file checks for a the username and password in the table i
created, then if it finds a match it will store a $_SESSION [] variable. To
be exact the code is as follows:
if ($count=='1')
{
session_start();
$_SESSION['user']=$user; // $user is the $_POST['user'] from the login
form
header('location: login_success.php');
}
Now what i would like to know is how do i make my website save new changes
the user made while in their account?
thanks!
You will have to store the user account related data in the database for
persistence Or if the site not having a 'user account system' you may
use cookies to store the settings...
Midhun Girish