TalkPHP - View Single Post

Haris · 01-14-2008, 02:27 AM

PHP Code:


			
function loginUser($username,$password) {
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);
    
        $query = "SELECT * FROM example WHERE username='".$username."' AND password=PASSWORD('$password')";
        $query = mysql_query($query);
        $number = mysql_num_rows($query);
        
        if($number < 1) {
            echo "Incorrect Login Information";
        }
        else {
            session_regenerate_id();
            $_SESSION["logged"] = $username;
            
            echo "You are now logged in <a href=index.php> Click Here </a>";
        }
}

PHP: session_regenerate_id - Manual

It will regenerate the session ID every time the user logins thus, preventing session hijacking.

01-14-2008, 02:27 AM	#7 (permalink)
Haris The Frequenter Join Date: Sep 2007 Posts: 360 Thanks: 24	PHP Code: function loginUser($username,$password) { $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $query = "SELECT * FROM example WHERE username='".$username."' AND password=PASSWORD('$password')"; $query = mysql_query($query); $number = mysql_num_rows($query); if($number < 1) { echo "Incorrect Login Information"; } else { session_regenerate_id(); $_SESSION["logged"] = $username; echo "You are now logged in <a href=index.php> Click Here </a>"; } } PHP: session_regenerate_id - Manual It will regenerate the session ID every time the user logins thus, preventing session hijacking. __________________ Necessity is the mother of invention. My blog