AHMED SAMY

I need urgent help to print $_SESSION['username'] beside the photo at the top right of the page.

I need to call the session name on all pages.

Please, if you can, help improve this code to be secure!!!!!

Please correct the cookie code; it is not working.

Note: my hosting is GoDaddy, PHP 5.6.

I am using check.php to check the login and redirect to index.php again.
<?php

session_start();

class mysql{

	private $localhost="localhost";
	private $db_users="****";
	private $db_password="*****";
	private $db_name="*****";

	function __construct(){
		mysql_connect($this->localhost,$this->db_users,$this->db_password);
		mysql_select_db($this->db_name);
	}

	function sql(){

		$username=$_POST['username'];
		$password=$_POST['password'];

		$sql="SELECT * FROM users WHERE username='$username' AND password='$password'";

		mysql_query("set character_set_server='utf8'");
		mysql_query("set names 'utf8'");

		$query=mysql_query($sql);
		$num=mysql_num_rows($query);

		if($num==1){
			$_SESSION['username']="username";
			$_SESSION['password']="password";

			//remember me
			@$remember_me=$_POST['rememberme'];
			if($remember_me==1){
				$cook_name="acpauth";
				$time=time()+3600*24*1000 ;//1000 days
				setcookie($cook_name,'usr='.$username.'&hash='.$password,$time);
			}

			header("location:packages.php");

		}
		else{
			echo "wrong password or username !!!";
		}

	}
}
$use=new mysql;
$use->sql();

?>

Last Comment
Julian Hansen

8/22/2022 - Mon
Julian Hansen

OK, before we go any further get off MySQL - this library is deprecated and removed from later versions of PHP. Convert to MySQLi - which is close enough to MySQL that the changes are not extensive.

Next - don't use your POST variables directly in your query - you are just asking for trouble.

1. Don't assume they exist
$username = isset($_POST['username']) ? $_POST['username'] : false;

2. Sanitize your variables before putting them in a query. This means, preferably, use a prepared statement and an escape string function to neutralise any unwanted malicious code in the variable.

A logon script is a prime target for a hacking attack so it is important you get this right.

3. It appears you are storing your passwords in plain text - this is not a good idea - you should salt and hash your passwords; password_hash() and password_verify() should be the default go-tos here.

4. This is not a good idea
setcookie($cook_name,'usr='.$username.'&hash='.$password,$time)

Consider using token-based security - don't store the username and password in the cookie - store an unguessable token and use this to do your auto logins.

A token is a value that cannot be guessed and is unique (think UUID / GUID) that is associated with a user account and optionally a time period. The token is exchanged (in a cookie or a header) with each interaction with the server. The token is checked by the server to see it is valid (exists and has not expired) before any data is sent back to the client.

5. Then these lines had me scratching my head a bit
$_SESSION['username']="username";
$_SESSION['password']="password";

You are setting your session variables to the constant strings 'username' and 'password' - are you not meaning to save the values in the variables (which you will have verified and sanitized) $username and $password?
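A worked version of points 1 to 5 above, as an added example rather than the answerer's or the asker's code. It assumes a MySQLi connection with placeholder credentials, a `users` table whose password column holds password_hash() output, and a `remember_tokens` table for the auto-login token; since the asker is on PHP 5.6, openssl_random_pseudo_bytes() stands in for random_bytes().

```php
<?php
// Added example (not the answerer's code). Assumes a `users` table with
// columns id, username, password_hash (password_hash() output) and a
// `remember_tokens` table with selector, validator_hash, user_id, expires.
session_start();

$db = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME'); // placeholders
if ($db->connect_error) { die('database unavailable'); }
$db->set_charset('utf8');

// 1. Never assume the POST fields exist.
$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';

// 2. Prepared statement: the username is bound, never pasted into the SQL text.
$stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->bind_result($userId, $hash);
$found = $stmt->fetch();
$stmt->close();

// 3. Only the hash is stored; password_verify() does the comparison.
if (!$found || !password_verify($password, $hash)) {
    echo 'wrong password or username !!!';
    exit;
}

session_regenerate_id(true);       // fresh session id after a successful login
$_SESSION['username'] = $username; // the password itself never goes in the session

// 4. Remember-me: a random selector:validator token instead of the credentials.
if (isset($_POST['rememberme']) && $_POST['rememberme'] == 1) {
    $selector  = bin2hex(openssl_random_pseudo_bytes(9));  // PHP 5.6 has no random_bytes()
    $validator = bin2hex(openssl_random_pseudo_bytes(32));
    $expires   = time() + 30 * 24 * 3600;                   // 30 days, not 1000
    $validatorHash = hash('sha256', $validator);            // the DB holds only the hash
    $stmt = $db->prepare('INSERT INTO remember_tokens (selector, validator_hash, user_id, expires) VALUES (?, ?, ?, ?)');
    $stmt->bind_param('ssii', $selector, $validatorHash, $userId, $expires);
    $stmt->execute();
    $stmt->close();
    // secure + httponly flags keep the cookie off plain HTTP and away from page scripts
    setcookie('acpauth', $selector . ':' . $validator, $expires, '/', '', true, true);
}

header('Location: packages.php');
exit;
```

On the other pages, split the cookie on ':', look up the row by selector, and compare hash('sha256', $validator) with the stored hash using hash_equals() before re-creating the session for that user_id; a mismatch or an expired row means the cookie is ignored and deleted.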
AHMED SAMY

ASKER
Can you tell me how to protect the username and password texts?

I know my fault; I changed

$_SESSION['username']="username";
$_SESSION['password']="password";

to

$_SESSION['username']="$username";
$_SESSION['password']="$password";
AHMED SAMY

ASKER
And how to save a cookie for the username and a cookie for the password, two cookies?

Sorry for disturbing you.
ASKER CERTIFIED SOLUTION
Julian Hansen

AHMED SAMY

ASKER
Thanks.
Julian Hansen

You are welcome.