Ben,
Basically, if not logged on, there is no possibility to run one of the other scripts; validation is done at the beginning of every script:
session_start();
if(!session_is_registered(User)){
header("location:login.php");
}
then the MySQL injection is checked:
$User = stripslashes($User);
$Password = stripslashes($Password);
$User = mysql_real_escape_string($User);
$Password = mysql_real_escape_string($Password);
and the password is encrypted:
$encrypted_Password=md5($Password);
at last the session is registered:
session_register("User");
session_register("Password");
Did I miss something or, better, is there something that can make the script better?
Please advise!
Regards,
Ronald
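
Added example, not part of Ronald's post or his scripts: the same four steps (session guard, injection handling, password storage, session registration) written with bound parameters, `password_hash()`/`password_verify()`, `$_SESSION`, and an `exit` after the redirect. The `users` table, its columns, the function names and the in-memory SQLite database standing in for MySQL are all assumptions made for the sketch.

```php
<?php
declare(strict_types=1);
// Added example; every table, column and function name here is hypothetical.

// Constructed sample store: in-memory SQLite stands in for the MySQL users table.
function make_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO users (name, pw_hash) VALUES (?, ?)');
    // password_hash() salts and stretches the password; md5() does neither.
    $ins->execute(['ronald', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// True only when the user exists and the password matches the stored hash.
function check_login(PDO $db, string $user, string $password): bool {
    // Bound parameters take the place of stripslashes() + mysql_real_escape_string().
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE name = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();          // false when no such user
    return is_string($hash) && password_verify($password, $hash);
}

// Call after check_login() succeeds, with the session already started.
function start_user_session(string $user): void {
    session_regenerate_id(true);           // fresh session id at login
    $_SESSION['User'] = $user;             // the password is never stored in the session
}

// Guard for the top of every protected script.
function require_login(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['User'])) {
        header('Location: login.php');
        exit;                              // header() alone does not stop the script
    }
}

// Command-line demo on constructed credentials; a name containing a quote is plain data.
if (PHP_SAPI === 'cli') {
    $db = make_demo_db();
    foreach ([['ronald', 'correct horse'], ['ronald', 'wrong'], ["ron'ald", 'x']] as [$u, $p]) {
        printf("%-8s %-14s %s\n", $u, $p, check_login($db, $u, $p) ? 'accepted' : 'rejected');
    }
}
```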