Hi,

This is what I am thinking of doing. Do you think this approach is useful?

Thanks

index.php
1. Get user's IP
2. Get session ID
3. Combine them together and SHA1 it
4. Store result in $_SESSION["secret"]

login.php
1. Get user's IP
2. Get session ID
3. Combine them together and SHA1 it
4. Compare result with $_SESSION["secret"]
5. Echo Valid or Invalid

Hi veledrom,

I'm not too sure about your approach; I think that you may be looking at making it more complicated than it really needs to be.

If I was writing a login form, I would have two tables; Users and Banned. The Users table would have each user's details and the Banned table would simply have a list of banned IP addresses.

Then I would check that their IP address is not in the Banned table and from there I would show the login form. Once they have submitted the login form, I would compare their submission with that in the Users table. Of course, I would wrap their submission in the md5() function to ensure that they were not attempting anything malicious.

Here's an example of the SQL query that I would run to check their credentials...

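<?php
// Run only when both fields were submitted ($_POST itself is always set).
if(isset($_POST["Username"], $_POST["Password"])){
     // md5() returns 32 hex characters, so the values placed in the query contain no quotes.
     $sql = "SELECT * FROM Users WHERE Username = '".(md5($_POST["Username"]))."' AND Password = '".(md5($_POST["Password"]))."'";
     // mysql_query() belongs to the legacy mysql extension (removed in PHP 7) and needs a connection opened with mysql_connect().
     $result = mysql_query($sql);

     // Any matching row counts as a successful login.
     if(mysql_num_rows($result) > 0){
          echo 'Found User!';
     }else{
          echo 'Can\'t Find User!';
     }
}
?>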
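
A self-contained version of the two ideas in this thread, added here as an example and not code from either poster: the credential check uses a bound parameter with password_hash()/password_verify() in place of md5(), and the IP-plus-session-ID value is an HMAC-SHA256 under a server-side key in place of bare SHA1. The in-memory SQLite table, the sample user and addresses, and all function names are assumptions; it needs PHP 7.4+ with pdo_sqlite.

```php
<?php
declare(strict_types=1);
// Added example. Table contents, names and sample values are constructed.

function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:'); // stands in for the thread's Users table
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE Users (Username TEXT PRIMARY KEY, PasswordHash TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO Users (Username, PasswordHash) VALUES (?, ?)');
    // password_hash() salts every hash and records the algorithm and cost in it.
    $ins->execute(['alice', password_hash('correct horse battery', PASSWORD_DEFAULT)]);
    return $db;
}

function check_login(PDO $db, string $username, string $password): bool {
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    // Bound parameter: the submitted name is data, never part of the SQL text.
    $stmt = $db->prepare('SELECT PasswordHash FROM Users WHERE Username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        password_verify($password, $dummy); // unknown user: keep the work comparable
        return false;
    }
    return password_verify($password, $hash);
}

// Steps 1-3 of the original post, keyed with a server-side secret.
function session_binding(string $ip, string $sessionId, string $key): string {
    return hash_hmac('sha256', $ip . '|' . $sessionId, $key);
}

// Steps 1-4 of login.php; hash_equals() compares in constant time.
function binding_is_valid(string $stored, string $ip, string $sessionId, string $key): bool {
    return hash_equals($stored, session_binding($ip, $sessionId, $key));
}

$db = open_demo_db();
var_dump(check_login($db, 'alice', 'correct horse battery'));
var_dump(check_login($db, 'alice', 'wrong password'));
var_dump(check_login($db, "o'brien", 'anything'));

$key = random_bytes(32); // in a real app: a fixed secret kept outside the session
$sid = 'constructed-session-id';
$stored = session_binding('203.0.113.7', $sid, $key);
var_dump(binding_is_valid($stored, '203.0.113.7', $sid, $key));
var_dump(binding_is_valid($stored, '198.51.100.9', $sid, $key));
```

A binding that includes the client IP fails for any user whose address changes during the session (mobile networks, rotating proxies), so an invalid result is a cue to re-authenticate, not evidence of an attack on its own.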