When logged in show content in PHP -


i saw lot of examples login scripts in php language, examples different... want ask if got idea, how make log in script, right or no. safe use way? here code:

the page login index.php:

<!doctype html> <html>  <head>   <title>login page</title> </head>  <body>      <form action="login.php" method="post">     login: <br>     <input name="login" type="text" /><br>     password: <br>     <input name="pass" type="text" /><br>         <br>     <input type="submit" value="log in!" />     </form>  </body> </html> 

second page check if username/password correct , set $_session['logged'] true (if it's ok ofcourse....) login.php

<?php if($_post['login'] == 'user' && $_post['pass'] = 'demo'){ session_start(); $_session['logged'] = true; header('location: loged.php'); } else { echo "wrong password or username"; }  ?> 

and last 1 show content after login logged.php

    <?php     session_start();     if($_session['logged']){     /* various things add new item database, delete database record , etc */    echo "here admin panel";     } else {     echo "you have login first";     }      ?> 

so question is: way right use , safe enough used live? answers!!!

"safe" relative term, model not safe, no. it's more safer if:

  • you use <input type=password> instead of <input type=text> password field (this make letters typed invisible)
  • you use ssl (https) encrypt web page, @ least when password being sent
  • you don't store password in database directly, instead store one-way hash; when testing password correctness hash same way , compare results -- sha1 common hash this, md5 better nothing.

Comments

Popular posts from this blog

java - nested exception is org.hibernate.exception.SQLGrammarException: could not extract ResultSet Hibernate+SpringMVC -

sql - Postgresql tables exists, but getting "relation does not exist" when querying -

asp.net mvc - breakpoint on javascript in CSHTML? -