Does my code look secure? And how do I prevent people from entering a page?


To practice PHP, I created a login system that only works for one user; if you type in the wrong username/password, it kicks you out. If you type the right one, it sends you to devtools.php. I'm aware of the security issues PHP has, and I'm wondering whether the username and password are well protected.

formhandler:

<?php
session_start();
if ($_SERVER["REQUEST_METHOD"] !== "POST") {
    header("Location: ../index.php");
    exit; // makes you unable to access the login without hitting login
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // grabs the information from the post, removes special characters, and returns it if it exists
    // (the ?? belongs inside strip_tags(), otherwise a missing field is passed as null)
    $username = strip_tags($_POST["username"] ?? '');
    $pwd = strip_tags($_POST["pwd"] ?? '');
    require_once "database.inc.php"; // connects to the page which connects to the
    // single query that fetches both columns
    $res = mysqli_query($conn, "SELECT username, pwd FROM user WHERE usid = 1");
    $row = mysqli_fetch_assoc($res);
    if (!$row) {
        header("refresh:3;url=../index.php");
        echo "Go away";
        exit;
    }
    $expectedname = $row['username'];
    $expectedpwd = $row['pwd'];
    if ($username !== $expectedname || $pwd !== $expectedpwd) {
        header("refresh:3;url=../index.php");
        echo "Go away";
        exit;
    }
    header("Location:../devthing/cooki.php");
    exit;
} else {
    header("Location: ../index.php");
    exit;
}

cookies page:

<?php
ini_set('session.cookie_lifetime', '864000');
header("Location:devtools.php");

devtools:

<?php
if (!isset($_SESSION['pwd'])) {
    header("Location:index.php");
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Document</title>
</head>
<body>
    welcome to devtools!
</body>
</html>

I also want to fix this part of the code:

if (!isset($_SESSION['pwd'])) {
    header("Location:index.php");
}

I want it to check whether the session's username and password aren't there, so it can send you back to the index, but when I enter the correct information it sends me to the index.
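An added example, not the asker's code, of what the same one-user login looks like once the password is stored as a password_hash() digest, the lookup is a prepared statement, the session is marked with a user id after session_regenerate_id(), and the cookie flags are set before session_start() (calling ini_set('session.cookie_lifetime', ...) in a later page, as cooki.php does, has no effect on a cookie that was already sent). It uses PDO instead of mysqli so the self-test section can run offline against SQLite (`php login.php`, needs the pdo_sqlite extension); the file name login.php, the MySQL DSN and credentials, the user `admin` and its password are assumptions for illustration. The password is not passed through strip_tags(): that silently changes passwords containing `<`, and escaping belongs at the point of output, not at login.

```php
<?php
// Added example (not the asker's code): a hardened version of the single-user
// login flow. Assumes a table user(usid, username, pwd) where pwd holds a
// password_hash() digest, not a plaintext password. PDO replaces mysqli so the
// same functions run against MySQL in the web branch and SQLite in the self-test.
declare(strict_types=1);

const SESSION_LIFETIME = 864000; // 10 days, the value the original cooki.php used

// Looks up a user by name with a prepared statement; returns null if absent.
function fetch_user(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT usid, username, pwd FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Returns the user id on success, null otherwise. password_verify() runs even
// when the username is unknown, so response time does not reveal valid usernames.
function check_login(PDO $db, string $username, string $password): ?int
{
    static $dummyHash = null;
    $dummyHash ??= password_hash('not-a-real-password', PASSWORD_DEFAULT);
    $row = fetch_user($db, $username);
    $ok = password_verify($password, $row['pwd'] ?? $dummyHash);
    return ($ok && $row !== null) ? (int) $row['usid'] : null;
}

// Marks the session as logged in. A fresh session id prevents session fixation;
// only the user id is stored, never the password or its hash.
function login_session(int $usid): void
{
    session_regenerate_id(true);
    $_SESSION['user_id'] = $usid;
}

// Guard for protected pages such as devtools.php; call it after session_start().
function is_logged_in(): bool
{
    return isset($_SESSION['user_id']);
}

// Cookie parameters must be set before session_start(); changing
// session.cookie_lifetime afterwards does not alter the cookie already sent.
function start_secure_session(): void
{
    session_set_cookie_params([
        'lifetime' => SESSION_LIFETIME,
        'httponly' => true,   // JavaScript cannot read the session cookie
        'secure'   => true,   // only sent over HTTPS
        'samesite' => 'Lax',  // not sent on cross-site POSTs
    ]);
    session_start();
}

function expect(bool $cond, string $what): void
{
    if (!$cond) {
        fwrite(STDERR, "FAILED: $what\n");
        exit(1);
    }
}

if (PHP_SAPI === 'cli') {
    // Offline self-test against a constructed SQLite table with a hashed password.
    $db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $db->exec('CREATE TABLE user (usid INTEGER PRIMARY KEY, username TEXT, pwd TEXT)');
    $ins = $db->prepare('INSERT INTO user (usid, username, pwd) VALUES (1, ?, ?)');
    $ins->execute(['admin', password_hash('correct horse battery staple', PASSWORD_DEFAULT)]);

    expect(check_login($db, 'admin', 'correct horse battery staple') === 1, 'valid login');
    expect(check_login($db, 'admin', 'wrong') === null, 'wrong password rejected');
    expect(check_login($db, 'nobody', 'correct horse battery staple') === null, 'unknown user rejected');
    expect(check_login($db, "admin' OR '1'='1", 'x') === null, 'username is not injectable');
    echo "self-test passed\n";
} else {
    // formhandler.php: the web entry point. DSN and credentials are placeholders.
    start_secure_session();
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        header('Location: ../index.php');
        exit;
    }
    $db = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'dbuser', 'dbpass',
                  [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $usid = check_login($db, (string) ($_POST['username'] ?? ''), (string) ($_POST['pwd'] ?? ''));
    if ($usid === null) {
        http_response_code(403);
        header('refresh:3;url=../index.php');
        echo 'Go away';
        exit;
    }
    login_session($usid);
    header('Location: ../devthing/devtools.php');
    exit;
}
```

With this handler, the guard devtools.php needs is just `session_start(); if (!isset($_SESSION['user_id'])) { header('Location: index.php'); exit; }` at the top of the file. The posted devtools.php never calls session_start(), so $_SESSION is empty there no matter what the handler did, and nothing in the posted handler ever sets $_SESSION['pwd'], so its isset() check cannot succeed; that is why a correct login still lands on the index. Keeping the password in the session is not needed at all: the session id on the cookie is the proof of login.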
