Cookie time, cookie time!



Hitman
16-06-2007, 01:41 PM
I need help with my cookies. I can't eat them. Haha, joking. The real problem is, they're not secure for a usersystem cos they can be stolen. Well, if I did a random code thing to generate a code such as 2ju8uejiji2jskmasdo29 and that was the cookie name, nobody would guess it, unlike "id_tom" or whatever. Would it work, and how could I implement it?

Or should I use sessions, and how?

Thanks!

Recursion
16-06-2007, 01:43 PM
Sessions as they are a lot more secure, I don't know how to use them though, no doubt ScottDiamond will come to this thread and flame me.

Hitman
16-06-2007, 01:45 PM
Sessions as they are a lot more secure, I don't know how to use them though, no doubt ScottDiamond will come to this thread and flame me.
OK, can anybody teach me how to use them?

Recursion
16-06-2007, 01:48 PM
Try these:
http://www.tizag.com/phpT/phpsessions.php

http://www.google.co.uk/search?q=php+sessions+tutorial&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-GB:official&client=firefox-a

Hope they help :)

Hitman
16-06-2007, 01:50 PM
Thank you :) I'll try google, I need to find a tut that deals with usersystems.

Blob
16-06-2007, 01:53 PM
// $username and $password must be escaped first, e.g. with mysql_real_escape_string( )
$sql = mysql_query( "SELECT * FROM `users` WHERE `username` = '$username' AND `password` = '$password'" );

if( mysql_num_rows( $sql ) == 1 )
{
    $_SESSION["username"] = $username;
}

etc. etc. Not sure the SQL will work.

Here's the little login class I wrote:



class cleaning
{
    // Static so it can be called as cleaning::clean( ... )
    static function clean( $string )
    {
        $string = str_replace( "\"", "", $string );
        $string = nl2br( $string );
        $string = htmlentities( $string );
        $words = array( "UNION",
                        "SELECT FROM",
                        "ORDER BY",
                        "INSERT INTO",
                        "TRUNCATE",
                        "DROP TABLE",
                        "CREATE TABLE",
                        "DROP DATABASE" ); // All the queries we want to stop
        // Join the words into one pattern; putting the array straight into the string gives "/Array/i"
        $string = preg_replace( "/" . implode( "|", $words ) . "/i", "", $string );
        // None of the above escapes single quotes, so escape for the query too
        // (needs the open mysql connection that mysql_query( ) uses)
        $string = mysql_real_escape_string( $string );
        return $string;
    }
}
// By Dan..

class login
{
    static function log( $username, $password )
    {
        if( isset( $username ) && isset( $password ) )
        {
            $username = cleaning::clean( $username );
            $password = cleaning::clean( $password );

            $sql = mysql_query( "SELECT * FROM `users` WHERE `username` = '$username' AND `password` = '$password'" );

            if( mysql_num_rows( $sql ) == 1 )
            {
                $_SESSION["username"] = $username;
                // Continue your sessions here
            }
        }
    }

    // This is to check if a user is logged in on the top of the page.
    // $password is unused: the session only stores the username.
    static function login_check( $username, $password = null )
    {
        $found = 0;

        if( isset( $username ) )
        {
            $username = cleaning::clean( $username );

            $sql = mysql_query( "SELECT * FROM `users` WHERE `username` = '$username'" );
            $found = mysql_num_rows( $sql );
        }

        if( $found == 0 ) // Also stops visitors who have no session at all
        {
            die('Please Login! <a href="login.php">Click here</a>');
        }
    }
}

Call it login_class.php

Use:

Login:



<?php
session_start( ); // Needed before login::log( ) can store anything in $_SESSION
require( "login_class.php" );
if( isset( $_POST["username"] ) && isset( $_POST["password"] ) )
{
    login::log( $_POST["username"], $_POST["password"] );
} else {
    echo "form stuff here..";
}
?>


Call that login.php

On main.php etc:


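<?php
session_start( );
require( "login_class.php" );
// Pass null when nobody is logged in, instead of reading an index that is not set
$user = isset( $_SESSION["username"] ) ? $_SESSION["username"] : null;
login::login_check( $user, $user );
?>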

Should work, I ain't tried it.
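
An added example, not part of Blob's post or anyone's code in the thread: the same session login written with a PDO prepared statement, hashed passwords and a hardened session cookie. The in-memory SQLite table, the user `tom`, the password and all function names are constructed for the demo; it assumes PHP 7.3 or later with pdo_sqlite and a site served over HTTPS.

```php
<?php
// Added example, not code from the thread. Table, user and password are constructed.
function open_demo_db(): PDO
{
    // In-memory SQLite stands in for the thread's MySQL `users` table (assumption).
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $ins->execute(['tom', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

function start_session(): void
{
    // The cookie holds only a random session id; these flags limit theft by script or over plain HTTP.
    session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
    session_start();
}

function log_in(PDO $db, string $username, string $password): bool
{
    // Bound parameters keep user input out of the SQL text.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true); // fresh id at login, so a pre-login id is useless
    $_SESSION['username'] = $username;
    return true;
}

function require_login(): string
{
    // Trust only server-side session state, never a name sent by the browser.
    if (empty($_SESSION['username'])) {
        http_response_code(401);
        exit('Please log in.');
    }
    return $_SESSION['username'];
}

$db = open_demo_db();
start_session();
$bad  = log_in($db, 'tom', "' OR '1'='1"); // treated as an ordinary wrong password
$good = log_in($db, 'tom', 'correct horse');
var_dump($bad, $good);
echo require_login(), "\n";
```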

Hitman
16-06-2007, 01:57 PM
Thanks blob :D I also found this:

http://www.techtuts.com/forums/index.php?showtopic=3698

Blob
16-06-2007, 02:01 PM
Thanks blob :D I also found this:

http://www.techtuts.com/forums/index.php?showtopic=3698

Eww no.
