This is what I am thinking to do. Do you think this approach is useful?


1.Get user's ip
2.Get session id
3.Combine them together and do SHA1 it
4.Store result in a $_SESSION["secret"]

1.Get user's ip
2.Get session id
3.Combine them together and do SHA1 it
4.Compare result with $_SESSION["secret"]
5.Echo Valid or Invalid

8 Years
Discussion Span
Last Post by webbespoke

Hi veledrom,

I'm not too sure about your approach, I think that you may be looking at making it more complicated than it really needs to be.

If I was writing a login form, I would have two tables; Users and Banned. The Users table would have each users' details and the Banned table would simply have a list of banned IP addresses.

Then I would check that their IP address is not in the Banned table and from there I would show the login form. Once they have submitted the login form, I would compare their submission with that in the Users table. Of course, I would wrap their submission in the md5() function to ensure that they were not attempting anything malicious.

Here's an example of the SQL query that I would run to check their credentials...

     $sql = "SELECT * FROM Users WHERE Username = '".(md5($_POST["Username"]))."' AND Password = '".(md5($_POST["Password"]))."'";
     $result = mysql_query($sql);

     if(mysql_num_rows($result) > 0){
          echo 'Found User!';
          echo 'Can\'t Find User!';

Edited by webbespoke: n/a

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.