imoudu13 / CampusTalk

Client-side security (login) #4

Open imoudu13 opened 4 months ago

imoudu13 commented 4 months ago

Login

This is the simple part, I believe. First make sure the information in both boxes is entered, then sanitize it. I think it would be best to send the information to a separate PHP file if the input boxes are filled, but you are free to do it in the same file. Then make a query to the database using the username; it should be something like this: "select userID, userPassword, isAdmin from Users where username = ?;". If it returns a record, then that means the username is good; if not, return an error message. Then hash the password that was entered using the same method used in registration. If the hashed passwords are the same, then send the userId to the next page. Otherwise display an error message.

When a user is logged in, start a session, put their username, userId, and isAdmin variable in the session, and set a timeout as well. I think you can do it without a cookie or something. There's information in the slides.
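
The login flow described in the comment above, as an added PHP example that is not part of the issue or the CampusTalk code base. It assumes registration stored `password_hash()` output in `userPassword` (so the comparison is done with `password_verify()`); the function names, the 30-minute timeout and the in-memory SQLite table are constructed for illustration.

```php
<?php
// Added example, not CampusTalk code. Assumes registration stored
// password_hash() output in Users.userPassword; names are hypothetical.
const SESSION_TIMEOUT = 1800; // assumed idle timeout, in seconds

function attemptLogin(PDO $db, string $username, string $password): ?array
{
    $username = trim($username);
    if ($username === '' || $password === '') {
        return null; // both boxes must be filled in
    }
    // Placeholder binding keeps the input out of the SQL text.
    $stmt = $db->prepare(
        'SELECT userID, userPassword, isAdmin FROM Users WHERE username = ?'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // One failure result for both unknown user and wrong password.
    if ($row === false || !password_verify($password, $row['userPassword'])) {
        return null;
    }
    return ['userId' => (int) $row['userID'], 'username' => $username,
            'isAdmin' => (bool) $row['isAdmin']];
}

function startUserSession(array $user): void
{
    session_start();
    session_regenerate_id(true); // fresh id after login (anti-fixation)
    $_SESSION = $user + ['lastActive' => time()];
}

// Call on every protected page; destroy the session when it returns true.
function sessionExpired(array $session, int $now): bool
{
    return !isset($session['lastActive'])
        || $now - $session['lastActive'] > SESSION_TIMEOUT;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Users (userID INTEGER PRIMARY KEY, username TEXT UNIQUE, userPassword TEXT, isAdmin INTEGER)');
$db->prepare('INSERT INTO Users (username, userPassword, isAdmin) VALUES (?, ?, 0)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

var_dump(attemptLogin($db, 'alice', 'correct horse'));
var_dump(attemptLogin($db, 'alice', 'wrong guess'));
var_dump(sessionExpired(['lastActive' => 0], SESSION_TIMEOUT + 1));
```

The page that receives the form would call `attemptLogin()`, pass a non-null result to `startUserSession()`, and show the same error message for every null result.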

hadirazmi commented 4 months ago

Alright on it!