When logged in show content in PHP
I saw a lot of examples of login scripts in the PHP language, and the examples are different... I want to ask if I got the idea of how to make a log in script right or not. Is it safe to use this way? Here is the code:

The login page, index.php:
<!doctype html>
<html>
<head>
  <title>login page</title>
</head>
<body>
  <form action="login.php" method="post">
    login: <br>
    <input name="login" type="text" /><br>
    password: <br>
    <input name="pass" type="text" /><br>
    <br>
    <input type="submit" value="log in!" />
  </form>
</body>
</html>

The second page checks if the username/password is correct and sets $_SESSION['logged'] to true (if it's OK, of course...). login.php:
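<?php
// Compare the submitted credentials with the hard-coded demo account.
if ($_POST['login'] == 'user' && $_POST['pass'] == 'demo') {
    session_start();
    $_SESSION['logged'] = true;
    header('Location: logged.php');
    exit; // stop the script once the redirect has been sent
} else {
    echo "wrong password or username";
}
?>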

And the last one shows content after login, logged.php:
<?php
session_start();

// Show the admin panel only when the login flag is present and true.
if (!empty($_SESSION['logged'])) {
    /* various things: add a new item to the database, delete a database record, etc. */
    echo "here admin panel";
} else {
    echo "you have to login first";
}
?>

So the question is: is this way right to use, and safe enough to be used live? Answers!!!

"Safe" is a relative term; this model is not safe, no. It's safer if:
- you use <input type=password> instead of <input type=text> for the password field (this makes the letters typed invisible)
- you use SSL (https) to encrypt the web page, at least when the password is being sent
- you don't store the password in the database directly, and instead store a one-way hash; when testing password correctness, hash the same way and compare the results -- sha1 is a common hash for this, md5 is better than nothing.
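
A hardened version of the login.php check along the lines the answer suggests, as an added example that is not part of the original question or answer. It uses PHP's built-in password_hash() and password_verify() in place of the sha1/md5 hashing the answer names; the helper names load_users() and credentials_ok() and the in-memory user table are assumptions made for illustration.

```php
<?php
// login.php -- added example, not the original poster's code (needs PHP 7.4+).
declare(strict_types=1);

// Hypothetical stand-in for a users table. A real application creates the
// hash once at registration and stores only the hash, never the password.
function load_users(): array
{
    return ['user' => password_hash('demo', PASSWORD_DEFAULT)]; // constructed sample account
}

// Hypothetical helper: true only if the login exists and the password matches.
function credentials_ok(string $login, string $pass, array $users): bool
{
    static $dummy = null;
    // Unknown logins are checked against a dummy hash so both paths do the same work.
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $match = password_verify($pass, $users[$login] ?? $dummy);
    return $match && isset($users[$login]);
}

if (PHP_SAPI === 'cli') {
    // Offline self-check with constructed inputs.
    $users = load_users();
    var_dump(credentials_ok('user', 'demo', $users));
    var_dump(credentials_ok('user', 'wrong', $users));
    var_dump(credentials_ok('nobody', 'demo', $users));
    exit;
}

// Session cookie: sent over HTTPS only, hidden from JavaScript, not sent cross-site.
session_set_cookie_params(['secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
session_start();

// Accept only string fields; arrays such as pass[]=x are treated as empty.
$login = is_string($_POST['login'] ?? null) ? $_POST['login'] : '';
$pass  = is_string($_POST['pass'] ?? null) ? $_POST['pass'] : '';

if (credentials_ok($login, $pass, load_users())) {
    session_regenerate_id(true);   // fresh session ID on login, old one is discarded
    $_SESSION['logged'] = true;
    header('Location: logged.php');
    exit;                          // nothing after the redirect should run
}

http_response_code(401);
echo 'wrong password or username';
```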