cyclone200
Reputation: 387
Check whether a user is logged in
I've just figured out that my login system was absolutely not secured.
So I thought about something :
- The user try to log in.
- I check in the database if hash(password) = the password hashed in the DB.
- If it is ok, I set a cookie like this:
setcookie ("pseudo", $_POST['pseudo'], time() + 36000);
- Then, on each "member" page, I check if the user is logged in with :
if (isset($_COOKIE['pseudo']))
But what I don't understand is that anyone can create a cookie named pseudo... So does that mean that I should store the password in a cookie and check on each "member" page the database ?
Upvotes: 0
Views: 53
Answers (1)
kmas
Reputation: 6439
You have to use sessions and their variables, they are stored on the server, thus the user cannot change their values.
Read this : http://php.net/manual/en/intro.session.php
And this : http://php.net/manual/en/session.examples.basic.php
If your connection is okay, create a session (do any stuff you want to do when a user is connected).
Upvotes: 2
Related Questions
- How to check if anyone is logged in with php?
- How to check if a user is logged in
- Using cookies to check if logged in
- Check if user has logged in with right password OR has a cookie using PHP
- How to test if the user is logged in
- Checking if user is logged in
- Checking if user already logged in, cookie check
- How to detect which user is logged in from cookie (php)?
- Check whether user is logged in or not
- check if user is logged in