Im new here and new to PHP, I hope you can help me with some questions.
Im writing my web app, and i have login screen where user enters his username and passoword, then I check im MySQL database is it ok, and if its ok and user exists, I send him to protected pages, i have 3 protected pages that only registred users can acess.
Now the problem is I dont know should I use Sessions or Cookies to check if user is loged in? Cookies are cool and simple but I dont know how to encrypt them so anyone can see them. What is the best method to encrypt cookie?
And with Sessions I joust cant destroy session with session_destroy();
Here is the code of secure pages, and logout.php
Secure page (there are 3 of them but they are all the same as this one):
Code: <?php
session_start();
$username = $_SESSION['username'];
$password = $_SESSION['password'];
include 'database_connect.php';
$sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$sql = mysql_query($sql) or die(mysql_error());
$count = mysql_num_rows($sql);
if ($count !== 1) { header("location: login-fail.php"); }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PHP generated</title>
</head>
<body>
<?php echo $username . " <p>welcome to Content Manager</p>" ?>
<a href="admin-site-manager.php">Site Manager</a>
<a href="admin-account-manager.php">Account Manager</a>
<br/>
<a href="logout.php">Logout</a>
</body>
</html>
And this is logout.php
Code: <?php
session_start();
session_destroy();
header("location: index.php");
?>
So my questions are:
1. Whats wrong with this script, it works great, but logout is not working, when i click logout, it sends me to index.php, but if I enter URL of "secured" page it show me that page and tells me Im loged in :/. So i gues my logout.php is not working. I guess that after 24 minutes it wouldnt show me secure page anymore but i didnt wait that long. In documentation it writes that it takes 24 minutes for session to compleatly destroy, if we dont change php.ini file.
2. To secure pages so only registred users can acess them, like I did now, what is better, Sessions, or Cookies, or is there any way to combain them? Is it ok to use only sessions like I did? Is it secure, and what would could I get if I use cookies too. Can someone explain me when should I use Sessions and when Cookies?
3. About Cookies encryption, what is the best way to encrypt a cookie, so if Im sending $password from one page to another and store that password in a cookie, how to secure it from users to see it? What is the best way to do that?
need help to creat database
Hello Team, please guys i am stuck from three days with paypal issue for IPN but no luck yet now i wants to do other method. i have used this form to send info to paypal and everything is working ok
Why is my row count 0?
Here's the MySQL query i'm running. It basically pulls data from 2 tables based on some data passed.Here are things i know.1. The data passed is passed correctly, and is correct as far as data goes.2.
PHP & MS Access - Line Break
Hey Guys!I'm pulling records from an MS Access database and listing them using PHP and I'm running into an error that I can't seem to figure out.Please see the code below:Code: if
Get keys and values from an array
Hellow,I have an array $Data with keys and values. With a foreach I can display all the values:foreach($Data as $var){ echo $var;}but I also want to display al the keys... how can i do that?
On page view, minus credit
Hello all, please, I need a little help with this script. I am charging one credit (credits can be purchased, but that is unrelated) for view of a certain page. I need help in figuring out what php I
single page with referrer to show correct page
I have a simple website with a couple of different pages. I would like to be able to in a div tag with a php require or even inside the same page be able to show whatever link is clicked on that part
Users and Groups with PHP Classes
Hi,I have setup what I hope to be a good working User class. Now I want to introduce group membership and group permissions. Before doing so, I have a couple of questions.Firstly, because users and
Socket programming
Hello all,I have a PHP socket script. GPS trackers connect to this socket. IMEI verification takes place and if that is ok, the code is passed to a database. Also if the code contains alert-info, SMS
Extract text from string
Hi folks,I have a string that looks like this:aaaaaaaaaa: bbbbbbbbbb (ccccccccc) dddddddddddddddddddddeeeeeeeeeeeeeeeeeeeee(format can't be changed - lengths of strings will vary) and I need to
Multiple Options for a Single Page
For this example I want to use the Handlers option which is under Fed Admin and all the related coding to the handlers option is found on the handlers.php page which includes a list of handlers with a
