
Secure Login Session


andostini


Hey guys,

 

I'm programming a very tiny CMS and I just wanted to ask if you think that this login system is secure enough. The user data is stored in a MySQL database.

 

Logging the user in after verifying his login data:

$_SESSION['username'] = $usernameinput;
$_SESSION['addr'] = $_SERVER['REMOTE_ADDR'];
session_name("sid");
session_set_cookie_params(1800);
session_cache_expire(1800);

Checking if the user is logged in:

if (isset($_SESSION['username']) and $_SESSION['addr'] == $_SERVER['REMOTE_ADDR']) {
    // SHOW WEBSITE
} else {
    // SHOW LOGIN FORM
}

To logout a user, I simply use the session_destroy() function.

 

I would be very grateful for your opinion and advice.

 

Fabian

Edited by andostini

No password checking? Is username coming directly from GET / POST data? Also, won't this always be true?

 

$_SESSION['addr'] == $_SERVER['REMOTE_ADDR']

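An added example, not part of either post above: one way to structure the login, check and logout steps from this thread so that the password is verified, the session ID is rotated at login, and the stored address is compared on later requests. The `$users` array (a stand-in for the MySQL lookup), the function names, the HTTPS assumption and the reading of 1800 as an idle timeout in seconds are all assumptions.

```php
<?php
// Added example; $users stands in for a row fetched from the MySQL users table.
const IDLE_LIMIT = 1800; // assumed meaning of the 1800 in the post: idle timeout, seconds

function start_session(): void {
    // Name and cookie parameters only take effect when set before session_start().
    session_name('sid');
    session_set_cookie_params([   // array form needs PHP 7.3+
        'lifetime' => 0,          // browser-session cookie; timeout is enforced server-side
        'httponly' => true,       // not readable from JavaScript
        'secure'   => true,       // assumes the site is served over HTTPS
        'samesite' => 'Lax',
    ]);
    session_start();
}

function login(array $users, string $username, string $password): bool {
    $hash = $users[$username] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;             // never populate the session on failure
    }
    session_regenerate_id(true);  // fresh ID at login blocks session fixation
    $_SESSION['username']  = $username;
    $_SESSION['addr']      = $_SERVER['REMOTE_ADDR'] ?? '';
    $_SESSION['last_seen'] = time();
    return true;
}

function logout(): void {
    $_SESSION = [];               // clear data for the rest of this request
    session_destroy();            // remove the server-side session record
}

function is_logged_in(): bool {
    if (!isset($_SESSION['username'], $_SESSION['addr'], $_SESSION['last_seen'])) {
        return false;
    }
    // Compares the address stored at login with the current request's address.
    // Clients whose address changes mid-session (mobile, proxies) get logged out.
    $sameAddr = $_SESSION['addr'] === ($_SERVER['REMOTE_ADDR'] ?? '');
    $fresh    = (time() - $_SESSION['last_seen']) <= IDLE_LIMIT;
    if (!$sameAddr || !$fresh) {
        logout();
        return false;
    }
    $_SESSION['last_seen'] = time();
    return true;
}

// Constructed demo data: store only password_hash() output, never the password.
$users = ['fabian' => password_hash('example-password', PASSWORD_DEFAULT)];
```

Call `start_session()` at the top of every request, before any output, then gate the page on `is_logged_in()`.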