0
Please can someone help me with a working php code for a login page.
I have set the registration page with mysql and php .. now to create a secured login with session is difficult.. any help will be appreciated. thank you.
3 Answers
0
Hello, to make a secure session:
- I hope that you hash the password with crypt function (look php doc) with sha256 or equivalent/better algorithm of hash
- search the user by email/username (use bindParam to protect the sql injection)
- check if there is a user, else return an error
- use the function password_verify (look php doc) to compare the password
- if the password is not good return an error, else use php session
$_SESSION['state'] = true;
$_SESSION['id'] = // id of user that you get when search user by email/username
Every time, at the begin of your php files, you must do this:
session_start();
session_regenerate_id(); // it's a security, check php doc
if (! isset($_SESSION['state'])) $_SESSION['state']=false;
For more security, look how protect the session against the csrf. And if you doesn't want to use php session, you use mysql to store the session (you still have regenerate the session key every time)
0
Take a look at PHP Secure Login
You can get it from github for free
+ its 100% sql injection safe
+ it uses sha512 for password hash (
Once when the form submitted via javascript than php encrypts the password again with a random )
I have been using PSL ( PHP SECURE LOGIN ) for a while now in my projects and its pretty good
I have edited the script so it goes with the project that i'm working on
And you may add crsf token for the logout page ( for more security )
http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL
0
thanks Jeremy.... I have seen the codes on wikihow.... I have done everything... but the button is not carrying out any action. I enter everything and click the button. . nothing happens.... both on registration and login button.. am I missing anything code... please help me figure out what am missing or the solution... thanks.