I'm new here and new to PHP, and I hope you can help me with some questions.
I'm writing my web app, and I have a login screen where the user enters his username and password. Then I check in the MySQL database whether it is OK, and if it's OK and the user exists, I send him to the protected pages. I have 3 protected pages that only registered users can access.
Now the problem is that I don't know whether I should use sessions or cookies to check if the user is logged in. Cookies are cool and simple, but I don't know how to encrypt them, so anyone can see them. What is the best method to encrypt a cookie?
And with sessions I just can't destroy the session with session_destroy();
Here is the code of the secure pages, and logout.php.
Secure page (there are 3 of them, but they are all the same as this one):
Code:
<?php
session_start();
$username = $_SESSION['username'];
$password = $_SESSION['password'];
include 'database_connect.php';
$sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$sql = mysql_query($sql) or die(mysql_error());
$count = mysql_num_rows($sql);
if ($count !== 1) { header("location: login-fail.php"); }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PHP generated</title>
</head>
<body>
<?php echo $username . " <p>welcome to Content Manager</p>" ?>
<a href="admin-site-manager.php">Site Manager</a>
<a href="admin-account-manager.php">Account Manager</a>
<br/>
<a href="logout.php">Logout</a>
</body>
</html>
And this is logout.php:
Code:
<?php
session_start();
session_destroy();
header("location: index.php");
?>
So my questions are:
1. What's wrong with this script? It works great, but logout is not working. When I click logout, it sends me to index.php, but if I enter the URL of a "secured" page it shows me that page and tells me I'm logged in :/. So I guess my logout.php is not working. I guess that after 24 minutes it wouldn't show me the secure page anymore, but I didn't wait that long. The documentation says that it takes 24 minutes for a session to be completely destroyed, if we don't change the php.ini file.
2. To secure pages so only registered users can access them, like I did now, what is better: sessions, or cookies, or is there any way to combine them? Is it OK to use only sessions like I did? Is it secure, and what would I gain if I used cookies too? Can someone explain to me when I should use sessions and when cookies?
3. About cookie encryption, what is the best way to encrypt a cookie? If I'm sending $password from one page to another and storing that password in a cookie, how do I secure it so users can't see it? What is the best way to do that?