Hello, I am asking for information from you, who are much more experienced than me, as I am still learning. I would like to create an administrative panel where only the admin is able to log in. What is the wisest way to carry out the login safely?

Let me explain: I create a MySQL database table called "admin" and insert a row that corresponds to the admin data, of the form (username = admin, and the password already inserted as a crypt hash).

Now, when creating login.php, do I just need to verify the password (password_verify) to make sure it's safe?

Thank you

Example:

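<?php
session_start();
require '../includes/config.php'; // provides the $pdo database wrapper
$pdo->query('SELECT * FROM admin');
$row = $pdo->single(); // the single admin row

if (isset($_POST['login'])) {
    // Read the form fields only once the form has been submitted,
    // so missing keys do not raise "undefined index" notices.
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';
    $hash = $row['password'];

    // One if / else if chain, so an empty field never reaches password_verify()
    if ($username == "") {
        echo "Enter username";
    } else if ($password == "") {
        echo "Enter password";
    } else if ($username === $row['username'] && password_verify($password, $hash)) {
        // Issue a new session ID on login to prevent session fixation
        session_regenerate_id(true);
        $_SESSION['id'] = $row['id'];
        $_SESSION['username'] = $row['username'];
        $_SESSION['level'] = $row['level'];
        $_SESSION['logged'] = time();

        header('Location: index.php');
        exit();
    } else {
        // Same message for a wrong username and a wrong password
        echo 'Invalid username or password.';
    }
}
?>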

And protected pages:

session_start();
include '../includes/config.php';

if(!isset($_SESSION['logged'])){
    header('Location: login.php');
    exit();
}

Is it correct and secure?
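
One way to tighten the flow asked about above, as an added example that is not part of the original post: the row is looked up by the submitted username with a prepared statement, an unknown username is still run through password_verify, the session ID is rotated on login, and the protected-page guard also enforces an idle limit. The function names, the in-memory SQLite table standing in for the MySQL `admin` table, the 1800-second limit and the sample credentials are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

/** Returns the admin row on success, null on any failure. */
function attempt_login(PDO $pdo, string $username, string $password, string $dummyHash): ?array
{
    if ($username === '' || $password === '') {
        return null;
    }
    // Prepared statement: the submitted username never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT id, username, password, level FROM admin WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
    // Unknown username: verify against a dummy hash so both failure paths do the same work.
    $ok = password_verify($password, $row['password'] ?? $dummyHash);
    return ($row !== null && $ok) ? $row : null;
}

/** Stores the identity in the session and rotates the session ID (session fixation). */
function start_admin_session(array $row, int $now): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['id'] = $row['id'];
    $_SESSION['username'] = $row['username'];
    $_SESSION['level'] = $row['level'];
    $_SESSION['logged'] = $now;
}

/** Guard for protected pages: logged in, and not older than $maxIdle seconds. */
function session_is_valid(array $session, int $now, int $maxIdle = 1800): bool
{
    return isset($session['logged']) && ($now - (int) $session['logged']) <= $maxIdle;
}

// --- Constructed demo data: in-memory SQLite stands in for the MySQL "admin" table ---
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT, level INTEGER)');
$pdo->prepare('INSERT INTO admin (username, password, level) VALUES (?, ?, ?)')
    ->execute(['admin', password_hash('constructed-sample-pass', PASSWORD_DEFAULT), 1]);
$dummy = password_hash('constructed-dummy-value', PASSWORD_DEFAULT);

$row = attempt_login($pdo, 'admin', 'constructed-sample-pass', $dummy);
var_dump(attempt_login($pdo, 'admin', 'wrong-guess', $dummy) === null);
var_dump(attempt_login($pdo, 'nobody', 'wrong-guess', $dummy) === null);
start_admin_session($row, time());
var_dump(session_is_valid($_SESSION, time()), session_is_valid($_SESSION, time() + 3600));
```

Run from the command line with the pdo_sqlite extension enabled; on a real page, call session_start() before start_admin_session() so the ID rotation takes effect.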
