I need help with my cookies. I can't eat them. Haha, joking. The real problem is, they're not secure for a usersystem cos they can be stolen. Well, if I did a random code thing to generate a code such as 2ju8uejiji2jskmasdo29 and that was the cookie name, nobody would guess it, unlike "id_tom" or whatever. Would it work, and how could I impliment it?
Or should I use sessions, and how?
Thanks!
Results 1 to 8 of 8
Thread: Cookie time, cookie time!
-
Cookie time, cookie time!
-
Sessions as they are alot more secure, I don't know how to use them though, no doubt ScottDiamond will come to this thread and flame me.
:8
Originally Posted by Chippiewill
-
OK, can anybody teach me how to use them? Originally Posted by Jaffa Cakes!
-
Try these:
http://www.tizag.com/phpT/phpsessions.php
http://www.google.co.uk/search?q=php...ient=firefox-a
Hope they help
:8 Originally Posted by Chippiewill
-
Thank you
I'll try google, I need to find a tut that deals with usersystems.
-
16-06-2007, 01:53 PM #6
etcetc. Not sure the sql will work.PHP Code:
$sql = mysql_query( "SELECT * FROM `users` WHERE (`username`, `password`) VALUES ( '$username', '$password' ) ");
if( mysql_num_rows( $sql) == "1" )
{
$_SESSION["username"] = $username;
}
Heres the little login class I wrote:
Call it login_class.phpPHP Code:class cleaning
{
function clean( $string )
{
$string = str_replace( "\"", "", $string );
$string = nl2br( $string );
$string = htmlentities( $string );
$words = array( "UNION",
"SELECT FROM",
"ORDER BY",
"INSERT INTO",
"TRUNCATE",
"DROP TABLE",
"CREATE TABLE",
"DROP DATABASE" ); // All the queries we want to stop
$string = preg_replace( "/$words/i", "", $string );
}
}
// By Dan..
class login
{
function log( $username, $password )
{
if( isset( $username ) && isset( $password ) )
{
$username = cleaning::clean( $username );
$password = cleaning::clean( $password );
$sql = mysql_query( "SELECT * FROM `users` WHERE `username` = '$username' AND `password` = '$password'");
if( mysql_num_rows( $sql ) == 1)
{
$_SESSION["username"] = $username;
// Contine your sessions here
}
}
}
function login_check( $username, $password ) // This is to check if a user is logged in on the top of the page
{
if( isset( $username ) && isset( $password ) )
{
$username = cleaning::clean( $username );
$password = cleaning::clean( $password );
$sql = mysql_query( "SELECT * FROM `users` WHERE `username` = '$username' AND `password` = '$password'");
if( mysql_num_rows( $sql ) == "0")
{
die('Please Login! <a href="login.php">Click here</a>');
}
}
}
}
Use:
Login:
Call that login.phpPHP Code:<?php
require( "login_class.php" );
if( isset( $_POST["username"] ) && isset( $_POST["password"] ) )
{
login::log( $_POST["username"], $_POST["password"] );
} else {
echo "form stuff here..";
}
?>
On main.php etc:
Should work, I aint tried it.PHP Code:<?php
session_start( );
require( "login_class.php" );
login::login_check( $_SESSION["username"], $_SESSION["username"] );
?>
-
Thanks blob
I also found this:
http://www.techtuts.com/forums/index.php?showtopic=3698
-
16-06-2007, 02:01 PM #8
Eww no. Originally Posted by Zengo
Reply With Quote
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts