10 votes
Accepted

PHP Login System with persistent login

Ok, moving down the list... I would separate the content of the includes folder into 2 semantically named folders: includes and <...
I wrestled a bear once.'s user avatar
6 votes

httprequest to php login system

isset() accepts multiple parameters, you can simplify: ...
mickmackusa's user avatar
  • 8,802
5 votes
Accepted

PHP - First Login System

Security You are escaping user input, which prevents SQL injection. It's good enough, but really not the recommended way to do this as it's too error-prone (whenever a project does this, it's ...
tim's user avatar
  • 25.3k
5 votes
Accepted

httprequest to php login system

I'll take a more holistic approach than mickmackusa, he already talked about a lot of details. I don't see any problem with the fact that you use an AJAX call to verify user credentials, and login. ...
KIKO Software's user avatar
4 votes

PHP Login System with persistent login

As you are already using PDO, you should use prepare/execute logic to apply values to SQL statements. Currently they can be subject to an SQL injection. Example: Instead of ...
TimSparrow's user avatar
4 votes

PHP Login System with persistent login

You must protect against SQL injections. You said you know about that topic, so why are you using interpolated SQL statements at all? An SQL statement in the source code must never contain a ...
Roland Illig's user avatar
  • 21.9k
4 votes
Accepted

Language switch based on parameters and session state

Yes. Definitely. You can use a lookup array. ...
mickmackusa's user avatar
  • 8,802
4 votes
Accepted

MySQL database custom session handler using PHP with MySQLi extension

Use the null coalescing operator for all occurrences where you want to provide fallback values for undeclared/null variables. ...
mickmackusa's user avatar
  • 8,802
3 votes

Assigning several variables from request URL using regexes

I'm not really comparing before and after. Without seeing the data that comes in that's a bit hard. Instead I'll focus on the new code. In general, a lot of your variables could benefit from clearer ...
simbabque's user avatar
  • 1,033
3 votes
Accepted

PHP function to check whether a user is logged in

One of the problems you're facing is the pyramid of doom - deeply nested control structures that make for hard to read code. You can simplify your code by inverting the conditions in your if-...
Cedric's user avatar
  • 331
3 votes

Simple login user authentication

Making your website/application truly secure is a complex matter! If you're using username, password and roles I'd suggest to use the Out of the Box ASP.Net feature. You can always read it here for ...
321X's user avatar
  • 378
3 votes

Simple login user authentication

Let's review from top to bottom. Page_Load() No need to have a try..catch here if the code only throws inside the ...
Heslacher's user avatar
  • 51k
3 votes

Laravel session handler for Phpbb sessions

General Review Years ago I created similar code to read and write data to the phpbb sessions. It was a bit more complicated as I wasn't using a framework like Laravel at the time, and it created ...
Sᴀᴍ Onᴇᴌᴀ's user avatar
3 votes
Accepted

Session Control

As you can see I added a bit of logic to make it remove the expired sessions when a session is retrieved. Is this a good approach? If not what would you recommend? From a design standpoint, it doesn't ...
tim's user avatar
  • 25.3k
3 votes

Update database, refresh the page to show changes, show a success message

In your submission processing code, you have 3 required variables. Use isset() once to check that all 3 are declared. Try to avoid single-use variables. If you ...
mickmackusa's user avatar
  • 8,802
3 votes
Accepted

User profile system with PHP and PDO - Conditional links for admin

Your question I want to know if the way i did is correct, and if there's a safer way to do this You need to ask how secure $_SESSION['email'] is. Could that value ...
Sᴀᴍ Onᴇᴌᴀ's user avatar
3 votes

PHP login system with prevention for session hijacking, fixation, injection, etc

First of all, you are heavily overthinking it. And, as a result, over-engineer the code, making it mostly overkill. A theory is a good thing, in reality it is always a trade-off between security and ...
Your Common Sense's user avatar
3 votes
Accepted

User management OOP php class

Here are some comments on the class code which I hope are of some use to you. Dependency Injection Creating the PDO object inside the constructor introduces a PDO dependency on User class. Think ...
suspectus's user avatar
  • 211
3 votes
Accepted

logging in using cookie authentication/authorization in asp.net C#

var user = await _context.UsersTableTest.FirstOrDefaultAsync(u => u.UserName == Username); Please bear in mind that == ...
Peter Csala's user avatar
  • 10.8k
2 votes

Update database, refresh the page to show changes, show a success message

Storing HTML in session leads to tight-coupling Having the HTML stored in the server-side session is a violation of the Single-Responsibility principle. It couples the front-end display output in the ...
Sᴀᴍ Onᴇᴌᴀ's user avatar
2 votes
Accepted

Go cookie authentication system

Concurrent use of map Quote from Golang FAQ: Map access is unsafe only when updates are occurring. As long as all goroutines are only reading—looking up elements in the map, including iterating ...
sineemore's user avatar
  • 1,795
2 votes

Shopping cart in Rails for karaoke items

Generally looks great. Since @cart is basically a list of Karaoke ids, you could update the ...
user1610127's user avatar
2 votes

Checking if a cookie is set

Yes, it's possible. You need to include the ini file in the index file require_once "../app/function/init.php"; and you also need .htaccess, something like that ...
Malik Umer's user avatar
2 votes
Accepted

Login methods with cookie options

are methods supposed to be [responsible] for a single operation? ... Also, in the real world and in a bigger project how is this limit of 20 lines working out? Yes. Some methods might be just six ...
J_H's user avatar
  • 42.1k
2 votes

PHP > 7.1 - MySQL Session Handler Class with some built-in time-management/security

Without looking too deeply into it, a few things immediately pop out: This class is likely too large with its ~250 lines of code. It has quite a bit of internal state, stored in 10 instance variables. ...
Rene Saarsoo's user avatar
  • 2,082
2 votes

PHP Signup & Login

I can spot only one issue related to security: $accNumber = "A" . sprintf("%06d", mt_rand(1, 999999)); there is a fair chance for two customers to get the same ...
Your Common Sense's user avatar
2 votes

PHP User management class

For session management, you might want to take a look at SessionHandlerInterface. Generally, your class can handle it all, but further on - you can set custom ...
t1gor's user avatar
  • 245
2 votes
Accepted

Login system with password reset sent to e-mail using PHP and PDO

The trim() function usage is OK. The biggest problem here is a hash security. A permanent md5( rand(0,1000) ); hash is anything but security. It's so easily ...
Your Common Sense's user avatar
2 votes
Accepted

Implementation of login and registration functions in servlet filter

Quickfire opinions: Don't use MD5 for anything. MD5 is cryptographically broken. Especially do not put passwords through it. Don't use passwords to generate an authentication token. Use a ...
Vogel612's user avatar
  • 25.5k
2 votes

Secure session handling in PHP

As an overarching rule, I never write scripts with the "stfu operator" (@). It looks like you plan to refine the session starting line, so I won't dwell. You are ...
mickmackusa's user avatar
  • 8,802

Only top scored, non community-wiki answers of a minimum length are eligible