Home/ Questions/Q 8184479
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-07T01:31:05+00:00

I’m building a login system and I’m also looking to make it a little

  • 0

I’m building a login system and I’m also looking to make it a little more secure.
I won’t post my whole login process file as it’s not done yet but I do need a short to-do-style list to make the whole system more secure. I know using PDO’s prepared statements helps against SQL injections. I’m obviously also hashing the password with a salt. Is there anything else that’s critical?
Would really help me!

I also read somewhere that using header() is not recommended in forms. (for example: to redirect a user after the registration process is done.)
Is this true or not? And what are some other alternatives?

By the way, the form data will be processed in another page obviously, and I was wondering if it’s possible to send back errors from the process file (e.g “The username is too short”). I know it’s easily doable with jQuery’s .post() and the callback function but I’m just curious 😀

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Here’s my suggestion about login system:

    • store user’s ID in cookie
    • generate special token and hash+salt and store them in cookies
    • store everything in database
    • get data from cookies on every page load and try searching for them in database
    • if not found, then logout a user
    • change token on every page load

    You can use header() to redirect user, but also use die() or exit() after it, because if you don’t use one of them, a rest of your code will continue execution.

    • 0