Advice on PHP logon

Status
Not open for further replies.

mrmtek

Programmer
Oct 13, 2002
Simple logon script: logon page php script
<?php
session_start();
header("Cache-control: private"); //IE 6 Fix
if($_POST['Submit'] == "GO"){
    $username = $_POST['memberid'];
    $password = $_POST['password'];
    $DBhost = "localhost";
    $DBuser = "dba";
    $DBpass = "";
    $DBName = "databasename";
    $date=date("Y/d/m h:i:s", mktime());
    $ip=$_SERVER["REMOTE_ADDR"];
    mysql_pconnect($DBhost,$DBuser,$DBpass) or die("Unable to connect to database");
    mysql_select_db("$DBName") or die("Unable to selectdatabase $DBName");
    // write entry to file
    $sqlquery="INSERT INTO USELOG (EDATE,IPADDR,USERID)
    VALUES('$date','$ip','$_POST[shareid]')";
    $results = mysql_query($sqlquery);
    if($username !=''){
        $result = mysql_query("SELECT USERNAME FROM USERS WHERE USERNAME = '$username' AND PASSWORD= '$password' AND UFUSER=1");
        $row = mysql_fetch_array($result);
        if ($username ==$row["USERNAME"]){
            $_SESSION['user_id'] = $username;
            $_SESSION['pass_id'] = $password;
            $_SESSION['contact'] = $row["CONTACT"];
            $_SESSION['email'] = $row["EMAIL"];
            $_SESSION['brand'] = $brand;
            header("Location: members/index.php");
            exit;
        } else {
            unset($_SESSION['user_id']);
            header("Location: 401.shtml");
            exit;
        }
    }
    mysql_close();
}
?>

Every other page in the members section has the following at the beginning of the page:
<?php
session_start();
header("Cache-control: private"); // IE 6 Fix.
if(!isset($_SESSION['user_id']) || !isset($_SESSION['pass_id'])) {
    header("Location: logon.php");
    exit;
}
?>

Question is: is this secure enough to place into production?
My skill level is not that great; some pointers would be great.

Thank you in advance
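
Added example (not part of the original post, and not the poster's code): a hardened form of the logon script above, using bound parameters instead of string-built SQL, hashed passwords, and a fresh session ID on login. The PASSWORD_HASH column (filled with password_hash() output), the DSN and the CHANGE_ME database password are assumptions; the other table, column and form-field names are taken from the post.

```php
<?php
// Added example. Assumed: USERS has a PASSWORD_HASH column holding password_hash()
// output, and the placeholder DSN/credentials below are replaced with real ones.
session_start();

function find_active_user(PDO $db, string $username): ?array
{
    // Bound parameter: the submitted value is never spliced into the SQL text.
    $stmt = $db->prepare(
        'SELECT USERNAME, PASSWORD_HASH, CONTACT, EMAIL
           FROM USERS WHERE USERNAME = ? AND UFUSER = 1'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function log_attempt(PDO $db, string $shareId): void
{
    // Timestamp format is an assumption; adjust to whatever EDATE stores.
    $stmt = $db->prepare('INSERT INTO USELOG (EDATE, IPADDR, USERID) VALUES (?, ?, ?)');
    $stmt->execute([date('Y-m-d H:i:s'), $_SERVER['REMOTE_ADDR'] ?? '', $shareId]);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && ($_POST['Submit'] ?? '') === 'GO') {
    $username = (string) ($_POST['memberid'] ?? '');
    $password = (string) ($_POST['password'] ?? '');

    $db = new PDO('mysql:host=localhost;dbname=databasename;charset=utf8mb4', 'dba', 'CHANGE_ME', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // use real server-side prepared statements
    ]);
    log_attempt($db, (string) ($_POST['shareid'] ?? ''));

    $user = $username !== '' ? find_active_user($db, $username) : null;
    // The password is checked against the stored hash, not compared inside the query.
    if ($user !== null && password_verify($password, $user['PASSWORD_HASH'])) {
        session_regenerate_id(true);              // new session ID after login
        $_SESSION['user_id'] = $user['USERNAME']; // the password is never kept in the session
        $_SESSION['contact'] = $user['CONTACT'];
        $_SESSION['email']   = $user['EMAIL'];
        header('Location: members/index.php');
        exit;
    }
    unset($_SESSION['user_id']);
    header('Location: 401.shtml');
    exit;
}
```

With this version the check at the top of each members page needs to test only $_SESSION['user_id'], because pass_id is no longer set.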
 