If you are referring to the last code you posted, there was nothing wrong with it other than perhaps an excessive use of if-else statements. You could have probably set default values for some of those variables and avoid the if/else clutter. PHP is already a burden to maintain without you adding more code to it unnecessarily.
Interesting. How would you have rewritten it?
Also, I am not talking about the code I last posted. Now that I have registration functionality, it's time to add login functionality so I created a small login script.
I figured, it'd be best to just use the $_SESSION variable.
I'm trying to secure my sessions with some code like this :
Code:
define( "SECURE", false ); // no HTTPS for me!
function sec_session_start()
{
$session_name = "sec_session_id"; // I'm not entirely sure how this helps, but it's whatever, right? XD
$secure = SECURE;
$httponly = true;
ini_set( "session.use_only_cookies", 1 );
$params = session_get_cookie_params();
session_set_cookie_params( $params[ "lifetime" ],
$params[ "path" ],
$params[ "domain" ],
$secure,
$httponly );
session_name( $session_name );
session_start();
session_regenerate_id( true );
}
And my login script does all the basic database querying and checking and I windup just doing this :
Code:
$_SESSION[ "username" ] = $username;
This is all I really need. All data is associated with just the user. I know I need to create a logout script and a timeout functionality as well.
Not gonna lie, frameworks are starting to look really attractive now...
Originally Posted by Adak
