//Mark as valid

If some of you remember I wrote a long time ago an article about secure login script, and entered a comment in the php code => mark as valid… well this is a tiny article on how different people mark as valid the logged in users…

Via SESSION
Also known as the preffered way…
—
$_SESSION["auth"]  = 1;
$_SESSION["name"] = $list;
—

Via COOKIE
Not recommended, but safe anyway…
—
$value = $list;
$value .= “|”;
$value .= md5($passwd); //yes double md5
setCookie(”auth”, $value, 0);
—

Authentification verification
Should be included as first in every… When using session the following check would be enough…
—
if($_SESSION["auth"]!=1) {
   header(”Location: inValidUser.php”) //get the fuck out of here
   exit();
}
—
When cookies are used… use the following code to check for athentification:
—
$list = explode(”|”, $_COOKIE["auth"]);
foreach($list as $key => $value) {//somebody could forge a cookie
   $list[$key] = mysql_real_escape_string($value); //with mysql injection
}
$handle = mysql_connect(”user”,”pass”,”mySQLHost”);
      mysql_select_db(”yourdb”);

$query = mysql_query(”SELECT id0 FROM 1nside0ut WHERE
      r34ln4m3=’” .$list[0]. “‘ AND md5(entryw41)=’” .$list[1].”‘”, $handle);

if(mysql_num_rows($query)!=1) {
   header(”Location: inValidUser.php”) //get the fuck out of here
   exit();
}
—
phew… just insert the mark as valid code in the login script… and the validation in every file…