It's really the one area I'm not so sure in so I want to post my way, and then you can express your ways and how you do it, then what I can do to improve on mine.
Setting sessions;
To check the Session;PHP Code:function setSession($username, $host, $ip, $id) {
$time = date("dmogi");
$_SESSION["x"] = $username;
$_SESSION["xx"] = encrypt($username);
$_SESSION["xxx"] = $host;
$_SESSION["xxxx"] = encrypt($host);
$_SESSION["xxxxx"] = $ip;
$_SESSION["xxxxxx"] = encrypt($ip);
$_SESSION["xxxxxxx"] = $time;
$_SESSION["xxxxxxxx"] = encrypt($time);
mysql_query("UPDATE `users` SET `host` = '".$host."',
`hoste` = '".encrypt($host)."',
`ip` = '".$ip."',
`ipe` = '".encrypt($ip)."',
`time` = '".$time."',
`timee` = '".encrypt($time)."' WHERE `users`.`id` = '".$id.'" LIMIT 1;");
}
Your views and comments are appreciated & your way be nice to see too.PHP Code:function checkSession($id) {
$time_plus = $_SESSION["xxxxxxx"];
$time_expire = date("dmogi");
$time_new = $time_plus - $time_expire;
if($time_new < 30) {
if(encrypt($_SESSION["x"]) == $_SESSION["xx"]) {
if(encrypt($_SESSION["xxx"]) == $_SESSION["xxxx"]) {
if(encrypt($_SESSION["xxxxx"]) == $_SESSION["xxxxxx"]) {
if(encrypt($_SESSION["xxxxxxx"]) == $_SESSION["xxxxxxxx"]) {
$query = mysql_query(" SELECT * FROM `users` WHERE `username` = CONVERT( _utf8 '".$_SESSION["x"]."' USING latin1 ) COLLATE latin1_swedish_ci AND `host` = CONVERT( _utf8 '".$_SESSION["xxx"]."' USING latin1 ) COLLATE latin1_swedish_ci AND `hoste` = CONVERT( _utf8 '".$_SESSION["xxxx"]."' USING latin1 ) COLLATE latin1_swedish_ci AND `ip` = CONVERT( _utf8 '".$_SESSION["xxxxx"]."' USING latin1 ) COLLATE latin1_swedish_ci AND `ipe` = CONVERT( _utf8 '".$_SESSION["xxxxxx"]."' USING latin1 ) COLLATE latin1_swedish_ci LIMIT 0 , 30");
$rows = mysql_num_rows($query);
if($rows == 0) {
return false;
} elseif($rows > 0) {
$time = date("dmogi");
$_SESSION["xxxxxxx"] = $time;
$_SESSION["xxxxxxxx"] = encrypt($time);
mysql_query("UPDATE `users` SET `time` = '".$time."',
`timee` = '".encrypt($time)."' WHERE `users`.`id` = '".$id."' LIMIT 1;");
return true; }
} else { return false; }
} else { return false; }
} else { return false; }
} else { return false; }
} else { return false; }
}
Thread moved from Website Staff by --ss-- (Forum Super Moderator): Moved to the correct location.
Results 1 to 10 of 13
Thread: [PHP] Best ways to Auth in PHP
-
18-04-2008, 01:01 PM #1
[PHP] Best ways to Auth in PHP
Last edited by --ss--; 18-04-2008 at 01:23 PM. Reason: I have no idea why it posted it here.
Hi, names James. I am a web developer.
-
18-04-2008, 05:03 PM #2
Isn't that slightly over the top?
-
No :rolleyes:
Originally Posted by JH
-
maybe u could use ur auth make a tut on user system or something
-
18-04-2008, 07:17 PM #5
Well I always thought over top was better than not alot, I don't think I should make a tutorial I just want to know what I should change and what is good.
Hi, names James. I am a web developer.
-
I would do that but i know for a fact i would have something like xx instead of xx somewhere and i wud cry myself to sleep over a bag of polish later that night
-
18-04-2008, 08:13 PM #7
You got me, I dont get what your on about man lol
Hi, names James. I am a web developer.
-
I personally don't see why you're encrypting everything?
I mean, come on, the time doesn't have to be encrypted...
My set session:
My check_login:PHP Code:private function set_session() {
global $db;
$get_user_3 = $db->query("SELECT * FROM users WHERE username='$this->username'");
$get_user_3_a = $db->fetch_array($get_user_3);
$uid = $get_user_3_a["id"];
$id = session_id();
$db->query("DELETE FROM session WHERE session_id='$id'");
$db->query("DELETE FROM session WHERE userid='$uid'");
$ip = $_SERVER["REMOTE_ADDR"];
$date = time();
$db->query("INSERT INTO session (session_id, ip, date, userid) VALUES('$id', '$ip', '$date', '$uid')");
$db->redirect("index.php");
}
PHP Code:public function check_login ()
{
global $db;
$id = session_id();
$start = $db->query("SELECT * FROM session WHERE session_id='$id'");
$start_n = $db->num_rows($start);
if ($start_n == "0") {
return "0";
} else {
$get_session_a = $db->fetch_array($start);
$user_id = $get_session_a["userid"];
$check_user = $db->query("SELECT * FROM users WHERE id='$user_id'");
$c_u_n = $db->num_rows($check_user);
if ($c_u_n == "0") {
return "0";
} else {
$timeout = $this->get_setting("timeout");
$now = time();
$last = $get_session_a["date"];
$check = $now - $last;
if ($check > $timeout) {
return "0";
} else {
if ($get_session_a["ip"] != $_SERVER['REMOTE_ADDR']) {
return "0";
} else {
$db->query("UPDATE session SET date='$now' WHERE session_id='$id'");
return "1";
}
}
}
}
}
-
19-04-2008, 02:40 PM #9
Well then I compared the plain text encrypted by the original encryption. Then I check it against the database.
Hi, names James. I am a web developer.
-
If you're using sessions, you can't change them.. most of that is a bit useless.
Reply With Quote
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts