- PHP Secure Session Login - Best Practice
- // Start session
- session_start();
- // Is the user already logged in?
- if (isset($_SESSION['username'])) {
- header('Location: members-only-page.php');
- exit; // header() alone does not stop the script, so end it here
- }
- // vars
- login string post
- password string post
- // validation aside from ajax now
- login string is empty
- redirect to login form with error
- password string is empty
- redirect to login form with error
- // mysql
- escape strings
- clean html strings
- mysql connect external mysql server
- if login string is user
- if password md5 match with database md5
- session logged in
- else
- session failed password invalid
- redirect to login form user/pass error
- end if
- else
- session failed username invalid
- redirect to login form user/pass error
- end if
- if file called direct
- redirect 404
- alert_admin function type hacking attempt login page
- end if
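- // $db (an open mysqli connection) is an added parameter: ext/mysql's
- // mysql_real_escape_string() was removed in PHP 7.0 and
- // get_magic_quotes_gpc() in PHP 8.0, so the original body no longer runs.
- function sanitize(mysqli $db, $str)
- {
- $str = trim($str);
- // Encode for HTML first, then escape for SQL last.
- $str = htmlentities($str, ENT_QUOTES, 'UTF-8');
- return $db->real_escape_string($str);
- }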
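
The login flow outlined above as an added example (not part of the original paste), with two substitutions named plainly: `password_hash()`/`password_verify()` replace the MD5 comparison, and a PDO prepared statement replaces manual string escaping. The `users` table, its columns, the `attempt_login` function and the in-memory SQLite database standing in for the external MySQL server are assumptions.

```php
<?php
// Added example: table/column names and the SQLite stand-in are assumptions.
declare(strict_types=1);

function attempt_login(PDO $db, string $login, string $password): bool
{
    // Empty fields fail early, as in the outline's validation step.
    if ($login === '' || $password === '') {
        return false;
    }
    // Bound parameter: the query needs no manual escaping.
    $stmt = $db->prepare('SELECT id, username, pass_hash FROM users WHERE username = ?');
    $stmt->execute([$login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a dummy hash when the user is unknown, so both failure
    // paths do comparable work and return the same generic result.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $ok = password_verify($password, $row ? $row['pass_hash'] : $dummy);
    if (!$row || !$ok) {
        return false;
    }
    // A fresh session ID at login prevents session fixation.
    session_regenerate_id(true);
    $_SESSION['username'] = $row['username'];
    return true;
}

// --- Constructed demo data (in-memory SQLite in place of the MySQL server) ---
session_start();
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pass_hash TEXT)');
$db->prepare('INSERT INTO users (username, pass_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed inputs: valid login, wrong password, quote-laden username, empty fields.
foreach ([['alice', 'correct horse'], ['alice', 'wrong'], ["x' OR '1'='1", 'x'], ['', '']] as [$u, $p]) {
    printf("%-16s => %s\n", $u === '' ? '(empty)' : $u,
        attempt_login($db, $u, $p) ? 'logged in' : 'user/pass error');
}
```

Only the first input logs in; the other three all produce the same "user/pass error" result, so the response does not reveal whether the username exists.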