Cookie time, cookie time!

[Hitman]

I need help with my cookies. I can't eat them. Haha, joking. The real problem is, they're not secure for a usersystem cos they can be stolen. Well, if I did a random code thing to generate a code such as 2ju8uejiji2jskmasdo29 and that was the cookie name, nobody would guess it, unlike "id_tom" or whatever. Would it work, and how could I impliment it?

Or should I use sessions, and how?

Thanks!

[Recursion]

Sessions as they are alot more secure, I don't know how to use them though, no doubt ScottDiamond will come to this thread and flame me.

[Hitman]

Sessions as they are alot more secure, I don't know how to use them though, no doubt ScottDiamond will come to this thread and flame me.

OK, can anybody teach me how to use them?

[Recursion]

Try these:
http://www.tizag.com/phpT/phpsessions.php

http://www.google.co.uk/search?q=php...ient=firefox-a

Hope they help

[Hitman]

Thank you I'll try google, I need to find a tut that deals with usersystems.

[Blob]

PHP Code:

$sql = mysql_query( "SELECT * FROM `users` WHERE (`username`, `password`) VALUES ( '$username', '$password' ) ");

if( mysql_num_rows( $sql) == "1" )
{
$_SESSION["username"] = $username;
} 


etcetc. Not sure the sql will work.

Heres the little login class I wrote:

PHP Code:

class cleaning
{
    function clean( $string )
    {
        $string = str_replace( "\"", "", $string );
        $string = nl2br( $string );
        $string = htmlentities( $string );
        $words = array( "UNION",
                        "SELECT FROM",
                        "ORDER BY",
                        "INSERT INTO",
                        "TRUNCATE",
                        "DROP TABLE",
                        "CREATE TABLE",
                        "DROP DATABASE" ); // All the queries we want to stop
        $string = preg_replace( "/$words/i", "", $string );
    }
}
// By Dan..

class login
{
    
    function log( $username, $password )
    {
        
        if( isset( $username ) && isset( $password ) )
        {
            $username = cleaning::clean( $username );
            $password = cleaning::clean( $password );

            $sql = mysql_query( "SELECT * FROM `users` WHERE `username` = '$username' AND `password` = '$password'");
            
            if( mysql_num_rows( $sql ) == 1)
            {
                
                $_SESSION["username"] = $username;
                // Contine your sessions here
                
            }
            
        }
        
    }
    
    function login_check( $username, $password ) // This is to check if a user is logged in on the top of the page
    {
        
        if( isset( $username ) && isset( $password ) )
        {
            $username = cleaning::clean( $username );
            $password = cleaning::clean( $password );

            $sql = mysql_query( "SELECT * FROM `users` WHERE `username` = '$username' AND `password` = '$password'");
            
            if( mysql_num_rows( $sql ) == "0")
            {
                
                die('Please Login! <a href="login.php">Click here</a>');
                        
            }
                        
        }
    }
    
} 


Call it login_class.php

Use:

Login:

PHP Code:

<?php
require( "login_class.php" );
if( isset( $_POST["username"] ) && isset( $_POST["password"] ) )
{
    login::log( $_POST["username"], $_POST["password"] );
} else {
echo "form stuff here..";
}
?>

Call that login.php

On main.php etc:

PHP Code:

<?php
session_start( );
require( "login_class.php" );
login::login_check( $_SESSION["username"], $_SESSION["username"] );
?>

Should work, I aint tried it.

[Hitman]

Thanks blob I also found this:

http://www.techtuts.com/forums/index.php?showtopic=3698

[Blob]

Thanks blob I also found this:

http://www.techtuts.com/forums/index.php?showtopic=3698

Eww no.