Im new here and new to PHP, I hope you can help me with some questions.
Im writing my web app, and i have login screen where user enters his username and passoword, then I check im MySQL database is it ok, and if its ok and user exists, I send him to protected pages, i have 3 protected pages that only registred users can acess.
Now the problem is I dont know should I use Sessions or Cookies to check if user is loged in? Cookies are cool and simple but I dont know how to encrypt them so anyone can see them. What is the best method to encrypt cookie?
And with Sessions I joust cant destroy session with session_destroy();
Here is the code of secure pages, and logout.php
Secure page (there are 3 of them but they are all the same as this one):
Code: <?php
session_start();
$username = $_SESSION['username'];
$password = $_SESSION['password'];
include 'database_connect.php';
$sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$sql = mysql_query($sql) or die(mysql_error());
$count = mysql_num_rows($sql);
if ($count !== 1) { header("location: login-fail.php"); }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PHP generated</title>
</head>
<body>
<?php echo $username . " <p>welcome to Content Manager</p>" ?>
<a href="admin-site-manager.php">Site Manager</a>
<a href="admin-account-manager.php">Account Manager</a>
<br/>
<a href="logout.php">Logout</a>
</body>
</html>
And this is logout.php
Code: <?php
session_start();
session_destroy();
header("location: index.php");
?>
So my questions are:
1. Whats wrong with this script, it works great, but logout is not working, when i click logout, it sends me to index.php, but if I enter URL of "secured" page it show me that page and tells me Im loged in :/. So i gues my logout.php is not working. I guess that after 24 minutes it wouldnt show me secure page anymore but i didnt wait that long. In documentation it writes that it takes 24 minutes for session to compleatly destroy, if we dont change php.ini file.
2. To secure pages so only registred users can acess them, like I did now, what is better, Sessions, or Cookies, or is there any way to combain them? Is it ok to use only sessions like I did? Is it secure, and what would could I get if I use cookies too. Can someone explain me when should I use Sessions and when Cookies?
3. About Cookies encryption, what is the best way to encrypt a cookie, so if Im sending $password from one page to another and store that password in a cookie, how to secure it from users to see it? What is the best way to do that?
Help with ORDER BY
Hello. I would like to order by ascending States, then Cities, then Gyms in the following code, but I can't figure it out. If anyone could help, I would truly appreciated it! if(isset($countryid))
How can I get my program to read a larger array ??
Hi:
socket communication between c++/java and sending image
hi, i have a class in c++ called win32_sockserver which creates socket to java. i am trying to send image c++ to java and using the most basic method. i am sending image's rgb values as a string. But
Material Issuing for receiving batch
Dear All experts in MM/ PP,
Help to integrate whois Domain Details to website
Hi, can i know is their any php script r methods to add domain details to my website.I mean when user wants to know the details about a particular domain they will type in a text box, so that we need
Greek characters in php
Hi,I'm making a script and I m using for first time greek characters.I started to write a simple drop down menu that loads some city names from the database. The names are in Greek in the database and
MYSQL gen help
This is my Mysql gen. can anyone tell me why this echosMID(networkset.networkid, 3, 3) AS "MNC" SELECT FROM scan JOIN gps ON scan.gpsid = gps.gpsid JOIN gsmscanset ON scan.scanid =
Email "$"
Hello!!Any PHP guy with a bit of a knowledge in Flash ?When I send a JPEG from flash how to get it to email in PHP.
Echoing a Variable from a Object
How do I get a variable from the new User Class to echo out in this clasS?class MyApp{ function __construct() { global $dbHost; global $dbUser; global $dbPass; global $dbName; $this->DB =
Redirecting Admin
In my members table, I have a field called "perm" and it's set to zero for all members. However, I have two administrators, and theirs are set to 1.I want my members page that shows up on
