Am I going about this all-round login function correctly? This function uses mysql database to check users table with the provided information and logs them in if it's checking a login attempt, or it can simply check if the user is currently logged in or not. You can also set it to require login (otherwise it'll just return true or false, then you decide what to do from an if in your code when calling it) and redirect to appropriate page. It also assumes that passwords are MD5 encrypted.

PHP Code:

/////////////////////////////////////////////
// Login verification function by Galaxian //
/////////////////////////////////////////////
// The arguments as follows: If login is submitted and you want the function to check, then
// set the $username and $password arguments when calling the function and it will verify
// and if found successful, it will log them in with sessions.
//
// E.g check_login($_POST['username'], $_POST['password']);
//
// $required is set then login will be required when the function is called. If this is set
// to 1, then you must set a page for it to redirect to. Default redirect is login.php if not set.
//
// If required is set to 0 then the function will simply return true or false for whether the person
// is logged in or not.
//
// So for example:
//
// if (check_login()) {
// print "You are logged in!";
// } else {
// print "You are not logged in!";
// }
//

function check_login($username = "", $password = "", $required = 1, $redirect = "login.php"){
// If user already logged in and sessions exit, proceed verify
if(isset($_SESSION['user']) && isset($_SESSION['pass'])) {
$checkq = mysql_query("select username, password from users where username = '".$_SESSION['user']."' and password = '".$_SESSION['pass']."' limit 1");
// If login valid
if(mysql_num_rows($checkq) > 0) {
// Return as true
return true;
} else {
// Otherwise unset the sessions and return as false
unset($_SESSION['user']);
unset($_SESSION['pass']);
// If login is required, then redirect
if($required == 1) {
header("location: $redirect");
}
return false;
}
// If user not already logged in..
// Check if they have submitted a login
} else if(isset($username) && isset($password)) {
$checkq = mysql_query("select username, password from users where username = '".mysql_real_escape_string($username)."' and password = '".md5($password)."' limit 1");
// If a user with the details exists then set sessions
if(mysql_num_rows($checkq) > 0) {
$_SESSION['user'] = mysql_real_escape_string($username);
$_SESSION['pass'] = md5($password);
// Return true
return true;
}
} else {
// If not logged in RETURN AS FALSE
// If login is required, then redirect
if($required == 1) {
header("location: $redirect");
}
return false;
}
} 


I can see potential for a SQL injection there, you should be validating your username and password input to remove quotes and other liabilities.

Jamie

Quote:

Originally Posted by JamieLewis

I can see potential for a SQL injection there, you should be validating your username and password input to remove quotes and other liabilities.

Jamie

I edited it, is it more secure now?

The password field needs not to be secured because it is MD5'ed.

Definitely looking better now

Jamie

Hey Rich

Here are a few suggestions (this is only for tips and pointers if you want 'em). You don't really need to re-validate the session user if its already set because in theory they should already be logged in. Also in the login process, I give an example to reset the session (sometimes good to do when changing to login state). And finally, use the full URL for redirect and exit out of the current running script.

PHP Code:

function check_login($username, $password, $required = 1, $redirect = 'https://www.domain.com/login.php')
{
  if (isset($_SESSION['user']) AND isset($_SESSION['pass'])) return true;
  if (!empty($username) AND !empty($password))
  {
    $username = stripslashes($username);
    $password = stripslashes($password);
    $checkq = mysql_query("
      SELECT username, password
      FROM users
      WHERE
        username = '" . mysql_real_escape_string($username) . "'
        AND password = '" . md5($password) . "'
      LIMIT 1
    ");
    if (mysql_num_rows($checkq) > 0)
    {
      $session_backup = $_SESSION;
      unset($_COOKIE[session_name()]);
      session_destroy();
      session_start();
      $_SESSION = $session_backup;
      unset($session_backup);
      
      $user_row = mysql_fetch_assoc($checkq);
      $_SESSION['user'] = $user_row['username'];
      $_SESSION['pass'] = $user_row['password'];
      unset($user_row);
      
      return true;
    }
  }
  if ($required == 1)
  {
    header("location: $redirect");
    exit();
  }
  return false;
}