June 12, 2010

Create Secure Login using PHP and sessions

admin

PHP and sessions

To build a secure login in PHP, suppose you have a page called login.php that holds the login form and a page called logincheck.php that processes it. You have to take the following points into account:

1- Use a token ID to validate the form submission. For example, to validate the login, generate a token ID in login.php as follows:

<?php

/*** begin a session ***/
session_start();

/*** set a token ID ***/
$tokenID = md5( uniqid('auth', true) );

/*** store the token in the session so logincheck.php can compare it ***/
$_SESSION['tokenID'] = $tokenID;
?>

The token ID must then be submitted with the form, for example in a hidden field:

<input type="hidden" name="tokenID" value="<?php echo $tokenID; ?>" />

In logincheck.php you have to check the token before doing anything else:

<?php
session_start();

if( !isset($_POST['tokenID'], $_SESSION['tokenID'])
    || $_POST['tokenID'] !== $_SESSION['tokenID'] )
{
    echo 'Invalid form submission';
    exit(0);
}
?>

2- Use htmlspecialchars() to convert HTML special characters in any user input you echo back to the page.

3- Use addslashes() to escape single quotes in user input.

4- Use session_regenerate_id() to prevent session fixation:

<?php
if(mysql_num_rows($result)>0) {
    //Login successful: regenerate the session ID to prevent
    //session fixation attacks (true also deletes the old session file)
    session_regenerate_id(true);

    $member=mysql_fetch_assoc($result);
    $_SESSION['SESS_MEMBER_ID']=$member['member_id'];

    //Write session to disk before redirecting
    session_write_close();

    header("Location: member-index.php");
    exit();
}
?>

5- To log out, use unset($_SESSION['SESS_MEMBER_ID']);
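The whole flow above (token in login.php, token check in logincheck.php, session regeneration on success, logout) put together as an added example; this is not the original post's code. It swaps in hash_equals() for the token comparison and a PDO prepared statement with password_verify() instead of the mysql_* functions and addslashes shown above, and assumes PHP 7 or later, an open PDO connection in $pdo, and a `members` table with columns member_id, username and password_hash (a password_hash() value).

```php
<?php
// Assumed: $pdo is an open PDO connection and table `members` has the
// columns member_id, username and password_hash (a password_hash() value).
session_start();

// login.php: create the form token and keep a copy in the session.
function createFormToken(): string
{
    $token = bin2hex(random_bytes(32));
    $_SESSION['tokenID'] = $token;
    return $token;
}

// logincheck.php: reject a submission whose token does not match the session.
function isValidFormToken(?string $submitted): bool
{
    if ($submitted === null || !isset($_SESSION['tokenID'])) {
        return false;
    }
    return hash_equals($_SESSION['tokenID'], $submitted); // constant-time compare
}

// Credential lookup with a prepared statement: no manual quoting of input.
function authenticate(PDO $pdo, string $username, string $password): ?int
{
    $stmt = $pdo->prepare('SELECT member_id, password_hash FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['member_id'];
}

// Success: issue a fresh session ID (deleting the old one) before storing the member id.
function loginMember(int $memberId): void
{
    session_regenerate_id(true);
    $_SESSION['SESS_MEMBER_ID'] = $memberId;
    unset($_SESSION['tokenID']); // the token is single-use
}

// Logout: clear the member id and destroy the whole session, not just one key.
function logoutMember(): void
{
    unset($_SESSION['SESS_MEMBER_ID']);
    $_SESSION = [];
    session_destroy();
}
```

In logincheck.php, call isValidFormToken($_POST['tokenID'] ?? null) first and exit on failure, then authenticate($pdo, $_POST['username'], $_POST['password']); on a non-null result call loginMember(), session_write_close() and redirect as in step 4.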

