Can anyone tell me if this example would be considered a secure method for authentication using sessions? The login page is a form to validate the user and begin the session. The second bit of code is at the top of every page to authenticate the user. I can't figure out if this is the best way.

Thanks

login page:
---------------------------------------
if($action=="validate"){
    // Form submitted so check userid and password against database
    $query="SELECT memberid,name,lastname from members WHERE userid = '$userid' and password = '$password'";
    $result=mysql($database,$query);
    $rows=mysql_num_rows($result);
    if ($rows == 0){
        $err_no=100; // bad userid or password
        header("Location:login.php?err_no=$err_no");
        exit();
    }else{
        // Input validated issue session id
        $rs=mysql_fetch_array($result);
        $name=$rs["name"];
        $lastname=$rs["lastname"];
        $memberid=$rs["memberid"];
        session_register("name");
        session_register("lastname");
        session_register("memberid");
        header("Location:mem_welcome.php");
        exit();
    }
}
if ($err_no==100){
    $login_header="User ID or Password do not match";
}else if ($err_no==200){
    $login_header="Please Log In Again";
}else {
    $login_header="Please Log In";
}

<html>
Print out the login form here
</html>

top of page to authenticate user:
----------------------------------------------------
session_register("memberid");
if (!isset($memberid) && !isset($PHPSESSID)){
    $err_no=200;
    header("Location:login.php?err_no=$err_no");
    exit();
}
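Added example, not part of the original post: the query above builds its SQL from $userid and $password directly, and the page-top check redirects only when both $memberid and $PHPSESSID are unset, so a request that merely carries a session id passes it. A hardened form of both pieces follows; authenticate(), login(), is_logged_in(), the password_hash column and the in-memory SQLite table are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);
// Added example. Hypothetical names: authenticate(), login(), is_logged_in(), password_hash column.

function authenticate(PDO $db, string $userid, string $password): ?array
{
    // Bound parameter: the user id is sent as data, never spliced into the SQL text.
    $stmt = $db->prepare(
        'SELECT memberid, name, lastname, password_hash FROM members WHERE userid = ?'
    );
    $stmt->execute([$userid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Verify against a stored hash instead of matching a plaintext password in SQL.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    unset($row['password_hash']);
    return $row;
}

function login(array $member): void
{
    // Call after session_start(); issue a fresh session id once the user is authenticated.
    session_regenerate_id(true);
    $_SESSION['memberid'] = $member['memberid'];
    $_SESSION['name']     = $member['name'];
    $_SESSION['lastname'] = $member['lastname'];
}

function is_logged_in(array $session): bool
{
    // Only server-side session data counts; the presence of a session id
    // or a memberid request variable is not proof of login.
    return isset($session['memberid']);
}

// Constructed demo data: in-memory SQLite stands in for the real members table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (memberid INTEGER PRIMARY KEY, userid TEXT UNIQUE,
           name TEXT, lastname TEXT, password_hash TEXT)');
$db->prepare('INSERT INTO members (userid, name, lastname, password_hash) VALUES (?, ?, ?, ?)')
   ->execute(['alice', 'Alice', 'Example', password_hash('correct horse', PASSWORD_DEFAULT)]);

var_dump(authenticate($db, 'alice', 'correct horse'));  // valid credentials
var_dump(authenticate($db, 'alice', 'wrong'));          // wrong password
var_dump(authenticate($db, "o'neil", 'x'));             // user id containing a quote
var_dump(is_logged_in([]));                             // empty session
```

On a protected page the guard would run as `session_start();` followed by a redirect to login.php when `is_logged_in($_SESSION)` is false.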