I need a secure login script in php 5. I am looking for a code example, maybe some gpl app that uses the latest php and a very secure way to log in. Can you tell me if this php login script is secure?
check_login.php
PHP Code:
<?php
session_start();
include('config.php');
trim($_POST['username']);
trim($_POST['password']);
$username = $_POST['username'];
$password = $_POST['password'];
if(!preg_match("/^[-a-z0-9 ']{4,12}+$/i",$_POST['username'])){
echo "Username error";
exit();
}
sqlconnect();
$sqlquery = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '".md5($password)."'");
if (mysql_num_rows($sqlquery) > 0) {
session_regenerate_id();
$sqldata = mysql_fetch_assoc($sqlquery);
$_SESSION['USERID'] = $sqldata['userid'];
$_SESSION['LOGGEDIN'] = true;
session_write_close();
header("Location: members.php");
exit();
} else {
echo "login error";
echo $password;
echo md5($password);
}
?>
members.php
PHP Code:
<?php
session_start();
if (($_SESSION['LOGGEDIN'] = false) OR (!$_SESSION['USERID'])) {
include('header.php');
echo "<p>Please login before playing.</p>\n";
include('footer.php');
exit();
}
include('header.php');
?>
If it is not. Please give me some code example.
Bookmarks