
Hello, I am asking you for information, since you are much more experienced than me and I am still learning. I would like to create an administrative panel where only the admin can log in. What is the wisest way to carry out the login safely?

Let me explain: I create a MySQL database table called "admin" and insert a row that corresponds to the admin data, of the type (username = admin, with the password already inserted as a crypt hash).

Now, when creating login.php, do I just need to verify the password (password_verify) to make sure it's safe?

Thank you

Last Post by Marco_4

Example:

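<?php
session_start();
require '../includes/config.php';

// Load the single admin row ($pdo is the wrapper object from config.php).
$pdo->query('SELECT * FROM admin');
$row = $pdo->single();

if (isset($_POST['login'])) {
    // Read the fields only after the form was submitted, so a plain page
    // load does not touch undefined $_POST keys.
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';
    $hash = $row['password'];

    // One if/elseif chain: an empty username can no longer fall through
    // to the password check.
    if ($username == "") {
        echo "Enter username";
    } elseif ($password == "") {
        echo "Enter password";
    } elseif ($username === $row['username'] && password_verify($password, $hash)) {
        // Issue a new session id on login so a pre-login id cannot be reused.
        session_regenerate_id(true);
        $_SESSION['id'] = $row['id'];
        $_SESSION['username'] = $row['username'];
        $_SESSION['level'] = $row['level'];
        $_SESSION['logged'] = time();

        header('Location: index.php');
        exit();
    } else {
        echo 'Invalid username or password.';
    }
}
?>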

And protected pages:

<?php
session_start();
include '../includes/config.php';

// Send anyone without a logged-in session back to the login page.
if (!isset($_SESSION['logged'])) {
    header('Location: login.php');
    exit();
}

Is it correct and secure?
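An added example, not part of the original post or the poster's code: a credential check that looks the account up by the submitted username with a prepared statement, does the same password_verify() work for unknown users, and checks the age of the `logged` timestamp that the posted login page stores. The in-memory SQLite database, sample password, 30-minute limit and function names are assumptions made for the demo.

```php
<?php
// Added example (not the poster's code). Table and column names follow the
// post; the SQLite database, sample password and age limit are constructed.
declare(strict_types=1);

const MAX_SESSION_AGE = 1800; // assumption: sessions expire 30 minutes after login

function authenticate(PDO $db, string $username, string $password): ?array
{
    // Look the account up by the submitted name with a bound parameter.
    $stmt = $db->prepare('SELECT id, username, level, password FROM admin WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC) ?: null;

    // Verify against a dummy hash when the user is unknown, so both paths
    // cost one password_verify() call and return the same generic failure.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);
    $ok = password_verify($password, $row['password'] ?? $dummy);
    if (!$ok || $row === null) {
        return null;
    }
    // Upgrade the stored hash if the default algorithm or cost has changed.
    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE admin SET password = ? WHERE id = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }
    unset($row['password']); // never copy the hash into the session
    return $row;
}

function session_is_fresh(array $session, int $now): bool
{
    // 'logged' is the login timestamp the posted login.php stores.
    return isset($session['logged']) && ($now - (int)$session['logged']) <= MAX_SESSION_AGE;
}

// Constructed demo data: in-memory SQLite stands in for the MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT, level INTEGER, password TEXT)');
$ins = $db->prepare('INSERT INTO admin (username, level, password) VALUES (?, ?, ?)');
$ins->execute(['admin', 1, password_hash('correct horse', PASSWORD_DEFAULT)]);

var_dump(authenticate($db, 'admin', 'correct horse') !== null);  // valid login
var_dump(authenticate($db, 'admin', 'wrong'));                   // wrong password
var_dump(authenticate($db, 'nobody', 'dummy'));                  // unknown user, dummy-hash path
var_dump(session_is_fresh(['logged' => time() - 7200], time())); // session older than the limit
```

On a protected page, the check would be `session_is_fresh($_SESSION, time())` in place of the bare `isset($_SESSION['logged'])` test.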
