Msg#: 4193689 posted 10:03 am on Aug 29, 2010 (gmt 0)
On Yahoo questions, I was getting help with my PHP login system, and a prominent answerer (lol) on Yahoo questions had this to say:
"Using $_SESSION to store your login is a bad idea! When the user logs-in, you compare his entry with values in your DB. There, you also have his email. The general idea is that your user's table contains user, pwd, email AND "sess", a field of 50 chars that will be filled, AT SIGN-IN, with the session number. Then, if you want any detail of the user, use $_SESSION and check it against the DB, field "sess"."
If I'm doing it wrong, I'd like to know how to fix my login system. I didn't understand exactly what he said, though. I'm not sure how to fix it. Here is my code; tell me what you think, please:
$dbhost = "localhost";
$dbname = ""; // I erased these 3 on purpose
$dbuser = "";
$dbpass = "";

mysql_connect($dbhost, $dbuser, $dbpass) or die("Could not connect: " . mysql_error());
mysql_select_db($dbname) or die(mysql_error());
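The scheme described in the quoted answer, written out as an added example (not code from this post or from the quoted answerer): the session id is stored in "sess" at sign-in and every later lookup is checked against it. The table name `users`, the helper names, PDO with in-memory SQLite and password hashing are assumptions.

```php
<?php
// Added example. Assumptions: table `users`, PDO + in-memory SQLite, password_hash()
// storage, helper names. Columns user, pwd, email, sess come from the quoted answer.

function sign_in(PDO $db, string $user, string $pwd): bool
{
    $q = $db->prepare('SELECT pwd FROM users WHERE user = ?');
    $q->execute([$user]);
    $hash = $q->fetchColumn();
    if ($hash === false || !password_verify($pwd, $hash)) {
        return false;
    }
    session_regenerate_id(true);         // new id at sign-in, old one discarded
    $_SESSION['user'] = $user;
    $db->prepare('UPDATE users SET sess = ? WHERE user = ?')
       ->execute([session_id(), $user]); // fill "sess" at sign-in
    return true;
}

function current_user(PDO $db): ?array
{
    if (empty($_SESSION['user'])) {
        return null;
    }
    $q = $db->prepare('SELECT user, email, sess FROM users WHERE user = ?');
    $q->execute([$_SESSION['user']]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    // Accept the session only while its id matches the value stored in "sess".
    if (!$row || $row['sess'] === null || !hash_equals($row['sess'], session_id())) {
        return null;
    }
    return ['user' => $row['user'], 'email' => $row['email']];
}

// Constructed demo data; results are printed last so no output precedes the session calls.
session_start();
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user TEXT PRIMARY KEY, pwd TEXT, email TEXT, sess TEXT)');
$db->prepare('INSERT INTO users (user, pwd, email) VALUES (?, ?, ?)')
   ->execute(['alice', password_hash('constructed-pw', PASSWORD_DEFAULT), 'alice@example.test']);

$out = [];
$out['wrong password'] = sign_in($db, 'alice', 'nope');
$out['right password'] = sign_in($db, 'alice', 'constructed-pw');
$out['lookup']         = current_user($db);
$db->exec("UPDATE users SET sess = NULL WHERE user = 'alice'"); // server-side revocation
$out['after revoke']   = current_user($db);
var_dump($out);
```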