Best way of creating a login script

bo0

To allow users to login to my site I currently use:

<?

// TouringNet - Login

include("_config.php");

$md5pw = md5($_POST['password']);

mysql_connect($db_host, $db_user, $db_pass) or die ('ERROR: cannot connect to database');
mysql_select_db($db_name) or die ('ERROR: cannot select the database "'.$db_name.'"');

$query = "SELECT * FROM users WHERE username='".$_POST['username']."' AND password='$md5pw'" or die( "Unable to find user");
$result = mysql_query($query) or die(mysql_error().'<br> SQL:'.$query);
$num = mysql_num_rows($result);

if ($num==0) {

			echo("Either your username and/or password are incorrect! Please try again.");


} else {

$id=mysql_result($result,"id");

setcookie("TouringNetName", "".$_POST['username']."", time()+36000);
setcookie("TouringID", "$id", time()+36000);

			echo("<meta http-equiv=\"refresh\" content=\"0;URL=./?q=\">");

}

?>

Would it be better to use the "setcookie" or some sort of SESSION?

paulnaj

Hi bo0,

There's not much difference in the code, but some users have their cookies turned off, so don't always work.

Sessions are always going to work (assuming the server's set up correctly, of course), so for me, no contest.

Hope that helps!

Paul 🙂

Ravenous

Since you cannot rely on cookies, assume they'll be turned off. Use the cookies as a means of helping the user out by automatically "keeping them logged in." If they don't have the cookies 'cause they've turned them off, oh well. They'll need to login each time they visit your site.