Hello I have a question. I have set up my login system with cookies and it works. But I wonder is there a more clean version of doing this.
<?
include('../config/db_config.php');
$username = $_COOKIE['user'];
$password = $_COOKIE['pass'];
$result = mysql_query("SELECT * FROM users WHERE isadmin = 1");
while($row = mysql_fetch_array($result))
{
if($username == $row['username'] && $password == $row['password'])
{
//User entered correct username and password
echo("ALLOW");
}
else
{
//User entered incorrect username and password
echo("DENY");
}
}
?>
You see I want all my content to be shown ONLY if I am logged in as admin. So what, now only way of doing this would be ECHO’ing out my HTML/PHP/Javascript instead of echoing ALLOW because if I just include(“somepage.php”) there that page would still be avialable for usage without logging in, and even if I do same check there I still would be ECHO’ing out everything.
Why are you loading every user, then comparing the username and the password? Wouldn’t be easier to load a single user matching the username and the password?
Loading a single user will allow to remove the
while().In PHP, don’t use
mysql_query; do use PDO (if need, google for it to know why it’s better).Check your input (quite optional here, I agree).
Do never store passwords in plain text format.
You can probably do something like (I haven’t used PHP/PDO for years, so the code may be inexact):