Hi, I've just implimented a sessioned logon to my site, and was wondering if any of you could see if you could forsee any problems with it. There will be a large volume of people viewing this site when it goes live, and it does involve database updates.
THis is my login page
<?php session_start(); ?>
<?php
$db = mysql_connect("localhost", "username", "password");
mysql_select_db("dbname",$db);
$sql="SELECT * FROM testtable where username = '$username'";
$result=mysql_query($sql,$db);
$myrow=mysql_fetch_row($result);
if($username==$myrow[0])
{
if($password==$myrow[1])
{
$my_session_username = $username;
session_register("my_session_username");
print '<meta http-equiv="refresh" content="0; URL=/mycourse.php">';
}
}
?>
This is my logoff page
<?php
session_start();
session_unregister("my_session_username");
session_destroy();
print '<meta http-equiv="refresh" content="0; URL=/logout.php">';
?>
THen my normal pages have
<?php
if(empty($my_session_username))
{
print '<meta http-equiv="refresh" content="0; URL=/notloggedin.html">';
}
else
{
show normal page HTML code
?>
If you can think of anything that might affect performance with this code, then please let me know, or if I have gone about this in a completely stupid way.
Thanks,
A
