I have created this php-Login, which will serve as a template. https://github.com/sinky/php-login-boilerplate My question,

Question

0

Editorial Team

Asked: June 10, 20262026-06-10T15:17:36+00:00 2026-06-10T15:17:36+00:00

I have created this php-Login, which will serve as a template. https://github.com/sinky/php-login-boilerplate My question,

0

I have created this php-Login, which will serve as a template.

https://github.com/sinky/php-login-boilerplate

My question, is this php-Login secure? Does it work proper?
Is it possible to get logged in without the password?
(SSL is not taken into consideration.)

Thank you for improvements.
Greetings Marco

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-10T15:17:37+00:00

No.. not really.

This is vulnerable to CSRF:

if($_GET['logout']) {
  session_destroy();    
}

This is trivial to bypass, just clear you cookies each time you attempt to login:

sleep($_SESSION['loginFail']);

This is good behavior:

header("location: login.php");
exit;

Keep in mind header() doesn’t stop the script from executing. Also yes, both the login and the session id must always be transmitted over HTTPS (read: OWASP A9).

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have created this php-Login, which will serve as a template. https://github.com/sinky/php-login-boilerplate My question,

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply