php - Using this login secure with cookies?


Looking for perhaps a little input on any vulnerabilities with this login script.

step 1 - input form with username and password gets submitted

step 2 - upon verification I would insert a uniqid into DB called session

step 3 - In order to verify user is logged in check DB

$user_decode_cookie = base64_decode($_COOKIE['cookiewithinfo']);

$cookie_implode = (explode('_', mysqli_real_escape_string($con, $user_decode_cookie)));

$sql = mysql_query("SELECT * FROM user WHERE username='{$cookie_implode[0]}' AND session = '{$cookie_implode[1]}'")or die(mysql_error());
    $userinfo = mysql_fetch_array($sql);
    return $userinfo;

step 4 - set COOKIE with username and uniqid

To verify it is correct user I get the COOKIE and make sure uniqid match with the username in the DB.

I was reading a bit on here and used the session as I saw was suggested.

I was using COOKIES in order to save login even after browser close.

Is this close in anyway to how it can be done somewhat safely or am I way out to lunch. Thanks as well for any input.




Your approach looks reasonably secure. The only thing I would change is to savemd5(PK . $uniqid) instead of just the$uniqid in the cookie so that it would be almost impossible to brute force it, even with a botnet and years of attempts.

ThePK would simply be any simple key that you'd keep private to your script. You could keep the DB as it is and validate the secured session key in PHP after the query, or simply store the same secured key directly in the DB to keep your current query.

Note that you should use prepared statements on your arguments for security.

People are also looking for solutions to the problem: php - Operating on class members instead of passing parameters to methods


Didn't find the answer?

Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.

Ask a Question

Write quick answer

Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.

Similar questions

Find the answer in similar questions on our website.