I'm new here and new to PHP; I hope you can help me with some questions.
I'm writing my web app, and I have a login screen where the user enters his username and password. Then I check in the MySQL database whether it is OK, and if it's OK and the user exists, I send him to the protected pages. I have 3 protected pages that only registered users can access.
Now the problem is I don't know whether I should use Sessions or Cookies to check if the user is logged in. Cookies are cool and simple, but I don't know how to encrypt them so anyone can see them. What is the best method to encrypt a cookie?
And with Sessions I just can't destroy the session with session_destroy();
Here is the code of the secure pages, and logout.php.
Secure page (there are 3 of them but they are all the same as this one):
Code:
<?php
session_start();
$username = $_SESSION['username'];
$password = $_SESSION['password'];
include 'database_connect.php';
$sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$sql = mysql_query($sql) or die(mysql_error());
$count = mysql_num_rows($sql);
if ($count !== 1) { header("location: login-fail.php"); }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PHP generated</title>
</head>
<body>
<?php echo $username . " <p>welcome to Content Manager</p>" ?>
<a href="admin-site-manager.php">Site Manager</a>
<a href="admin-account-manager.php">Account Manager</a>
<br/>
<a href="logout.php">Logout</a>
</body>
</html>
And this is logout.php:
Code:
<?php
session_start();
session_destroy();
header("location: index.php");
?>
So my questions are:
1. What's wrong with this script? It works great, but logout is not working: when I click logout, it sends me to index.php, but if I enter the URL of a "secured" page it shows me that page and tells me I'm logged in :/. So I guess my logout.php is not working. I guess that after 24 minutes it wouldn't show me the secure page anymore, but I didn't wait that long. The documentation says that it takes 24 minutes for a session to be completely destroyed if we don't change the php.ini file.
2. To secure pages so only registered users can access them, like I did now, what is better: Sessions or Cookies, or is there any way to combine them? Is it OK to use only sessions like I did? Is it secure, and what would I gain if I used cookies too? Can someone explain to me when I should use Sessions and when Cookies?
3. About cookie encryption: what is the best way to encrypt a cookie? If I'm sending $password from one page to another and store that password in a cookie, how do I secure it so users can't see it? What is the best way to do that?
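The session-only approach from the question, written as an added example (not part of the original post): the session stores a user ID instead of the password, the guard stops the script after redirecting, and logout clears the data, the cookie and the server-side session. The function names and the `user_id` session key are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not code from the original post.
// Assumption: the login script calls mark_logged_in() only after it has
// verified the password against the database, so the password itself
// never enters the session or a cookie.

function mark_logged_in($userId, $username)
{
    session_regenerate_id(true);          // new session ID at login (prevents fixation)
    $_SESSION['user_id']  = $userId;
    $_SESSION['username'] = $username;
}

// Call at the top of every protected page, before any output is sent.
function require_login()
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['user_id'])) {
        header('Location: login-fail.php');
        exit;                             // stop here, or the rest of the page still runs
    }
    header('Cache-Control: no-store');    // ask the browser not to keep a copy of the page
}

// Body of logout.php.
function log_out()
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = array();                  // clear the data for this request
    if (ini_get('session.use_cookies')) { // expire the session ID cookie in the browser
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                    // delete the server-side session data
    header('Location: index.php');
    exit;
}
```

On a protected page, call `require_login()` first and print the name with `htmlspecialchars($_SESSION['username'])` so that stored markup is not rendered.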