Check whether a user is logged in

I've just figured out that my login system was absolutely not secured.

So I thought about something:

  • The user tries to log in.
  • I check in the database if hash(password) = the password hashed in the DB.
  • If it is ok, I set a cookie like this:
        setcookie ("pseudo", $_POST['pseudo'], time() + 36000);
  • Then, on each "member" page, I check if the user is logged in with:
        if (isset($_COOKIE['pseudo']))

But what I don't understand is that anyone can create a cookie named pseudo... So does that mean that I should store the password in a cookie and check the database on each "member" page?

You have to use sessions and their variables. They are stored on the server, thus the user cannot change their values.

Read this : http://php.net/manual/en/intro.session.php

And this : http://php.net/manual/en/session.examples.basic.php

If your connection is okay, create a session (do any stuff you want to do when a user is connected).
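The session-based check described in the answer, as an added example that is not part of the original thread. It assumes `password_hash()`/`password_verify()` in place of the question's `hash()` comparison; `find_user()`, `start_session()`, `login()` and `current_user()` are hypothetical helper names, and the user store is constructed sample data standing in for the database.

```php
<?php
declare(strict_types=1);

// Constructed sample user store; a real application would query its database here.
function find_user(string $pseudo): ?array {
    static $users = null;
    $users ??= ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
    return isset($users[$pseudo]) ? ['pseudo' => $pseudo, 'hash' => $users[$pseudo]] : null;
}

function start_session(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // 'secure' limits the session cookie to HTTPS; drop it only for local HTTP testing.
        session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
        session_start();
    }
}

function login(string $pseudo, string $password): bool {
    $user = find_user($pseudo);
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    start_session();
    session_regenerate_id(true);           // fresh session ID once authenticated
    $_SESSION['pseudo'] = $user['pseudo']; // kept server-side; the browser only holds the ID
    return true;
}

// Replaces isset($_COOKIE['pseudo']): the value comes from server-side session
// storage, so creating a cookie named "pseudo" in the browser has no effect.
function current_user(): ?string {
    start_session();
    return $_SESSION['pseudo'] ?? null;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Login form handler. filter_input() returns false for non-scalar input.
    $ok = login((string) filter_input(INPUT_POST, 'pseudo'),
                (string) filter_input(INPUT_POST, 'password'));
    http_response_code($ok ? 200 : 401);
    echo $ok ? 'Logged in' : 'Invalid credentials';
} else {
    // Any "member" page.
    $pseudo = current_user();
    if ($pseudo === null) {
        http_response_code(401);
        exit('Please log in');
    }
    echo 'Hello, ' . htmlspecialchars($pseudo, ENT_QUOTES);
}
```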
