How to write secure PHP login

Solution idea:

First of all, when logging in, you must understand the cookie of the client and the session of the server. After logging in, not only To save the session on the server side, you must also save the cookie on the browser, that is, the client. When detecting login, the value of the same key of the session and cookie must be the same to verify whether you are logged in.

Through the idea just now, we have the following operations:

1. Writing the login interface code; (Write it yourself, don’t bother writing it here)

2. PHP code logic writing after clicking login

Special attention is that when the login username and password and verification code are verified, something like server-side session is required: for example

$se = md5($admin_info['id'].$admin_info['user_name'].time());
Session::set('yebao_admin', [
            'admin' => [
                'admin_id' => $admin_info['id'],
                'user_name' => $admin_info['user_name'],
            ],
            'is_login' => true,
            'auth' => $se,
        ]);

$se: MD5 encrypted string of user ID, username and time. This string is also used when writing browser cookies.

$admin_info: User information

Then write the browser cookie

setcookie("auth", $se,time()+3600,"/");

Remember, when setting cookie, be sure to add the third parameter value ""/"" to make a global change, otherwise the browser will think that the cookie is only set on the current page. rather than all pages.

Regarding matters needing attention, the red box is marked in the picture below:

Recommended tutorial: PHP video tutorial

The above is the detailed content of How to write secure PHP login. For more information, please follow other related articles on the PHP Chinese website!