0

Please can someone help me with a working php code for a login page.

I have set the registration page with mysql and php .. now to create a secured login with session is difficult.. any help will be appreciated. thank you.

22nd Mar 2017, 7:09 PM
Master Wayne
Master Wayne - avatar
3 Respuestas
0
Hello, to make a secure session: - I hope that you hash the password with crypt function (look php doc) with sha256 or equivalent/better algorithm of hash - search the user by email/username (use bindParam to protect the sql injection) - check if there is a user, else return an error - use the function password_verify (look php doc) to compare the password - if the password is not good return an error, else use php session $_SESSION['state'] = true; $_SESSION['id'] = // id of user that you get when search user by email/username Every time, at the begin of your php files, you must do this: session_start(); session_regenerate_id(); // it's a security, check php doc if (! isset($_SESSION['state'])) $_SESSION['state']=false; For more security, look how protect the session against the csrf. And if you doesn't want to use php session, you use mysql to store the session (you still have regenerate the session key every time)
22nd Mar 2017, 7:50 PM
Jérémy BOURGIN
0
Take a look at PHP Secure Login You can get it from github for free + its 100% sql injection safe + it uses sha512 for password hash ( Once when the form submitted via javascript than php encrypts the password again with a random ) I have been using PSL ( PHP SECURE LOGIN ) for a while now in my projects and its pretty good I have edited the script so it goes with the project that i'm working on And you may add crsf token for the logout page ( for more security ) http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL
22nd Mar 2017, 9:34 PM
Saif Eddin Gmati
Saif Eddin Gmati - avatar
0
thanks Jeremy.... I have seen the codes on wikihow.... I have done everything... but the button is not carrying out any action. I enter everything and click the button. . nothing happens.... both on registration and login button.. am I missing anything code... please help me figure out what am missing or the solution... thanks.
23rd Mar 2017, 4:55 PM
Master Wayne
Master Wayne - avatar