Hello,
I am coding a script allowing my site visitors to sign up to be able to write comments, etc...
So here's the code I wrote for that:
At the top of the login page I have:
// ---------------------- //
// Initialize the session //
// ---------------------- //
session_start();
I the functions included file I have:
function isUserExists()
{
// Checks for the username already in user
$username = $_POST['username'];
$password = md5($_POST['password']);
return mysql_result(mysql_query("SELECT COUNT(uid) FROM users WHERE username = '$username' AND password = '$password'" ),0);
}
In the login page:
// ----- //
// Login //
// ----- //
if (isset($_POST['login']))
{
if (isUserExists() == 1)
{
// --------------------------------------------------- //
// Select the user ID from the DB and register session //
// Redirect browser to the user control panel and exit //
// --------------------------------------------------- //
$username = $_POST['username'];
$result = mysql_query("SELECT uid, username FROM users WHERE username = '$username'" );
$row = mysql_fetch_array($result);
extract($row);
$_SESSION['uid'] = $uid;
$_SESSION['username'] = $username;
header("Location: usercp.php" );
exit;
}
elseif (isset($_SESSION['uid']) AND empty($_GET['logout']))
{
header("Location: usercp.php" );
exit;
}
else
{
// ---------------------- //
// Echo bad login message //
// ---------------------- //
$tpl->newBlock('badLogin');
}
}
Finally, in each protected page I have:
// ---------------------- //
// Initialize the session //
// ---------------------- //
session_start();
// ----------------------- //
// Check if user is logged //
// ----------------------- //
if (empty($_SESSION['uid']))
{
header("Location: index.php" );
exit;
}
Do you see any security hole?!
Thank you...
