user1895377
Reputation: 201
Could this pass as a secured lock file?
I made a lock file to see whether people are logged in on certain pages and I was curious as to if it is actually secure enough to put live or if people can easily bypass this lock.
Here is my code currently:
<?php
session_start();
if ((isset($_POST['user'])) && (isset($_POST['pass']))) {
$_SESSION['user'] = $_POST['user'];
$_SESSION['pass'] = $_POST['pass'];
}
include("config.php");
if ((isset($_SESSION['user']) && (isset($_SESSION['pass'])))) {
$sql = "SELECT count(*) FROM `users` WHERE user = :name and pass = :pass";
$result = $db->prepare($sql);
$result->bindValue(':name', $_SESSION['user']);
$result->bindValue(':pass', $_SESSION['pass']);
$result->execute();
$number_of_rows = $result->fetchColumn();
if ($number_of_rows !== 1){
echo "ERROR - USER AND PASS DO NOT MATCH";
} else { echo "SUCCESS!"; }
} else { echo "YOU NEVER LOGGED IN!"; }
?>
I feel like since it checks the database for a user and password match that there isn't really any way around this but at the same time I'm somewhat new to PHP and don't really know.
Upvotes: 0
Views: 46
Answers (1)
Dinesh
Reputation: 4110
you can add this on top of your code.
<?php
session_start();
if(empty($_SESSION['user']) && empty($_SESSION['pass']))
{
header("location:your_login_page.php");
exit();
}
this code automatically redirect user to login page if they are trying to enter in session or registered member area....
Upvotes: 1
Related Questions
- Session PHP Security
- Is this the right way to start more secure session in PHP?
- Working with Security and Sessions, is this secure enough?
- Is this a safe use of Session Variables?
- Is this login session secure?
- PHP SESSION Security question
- php session lock
- Implementing Security on Sessions
- Is this code secure?