
PDO Login/Register system review


Problem

I wrote my very first login/register PDO system today. I know there are still a lot of flaws, but I was wondering what tips and advice you have to help me improve this. I know that PDO is much more secure than MySQL, so would you say my code is secure? If so, to what extent, since I'm using PDO? Any tips and advice would be much appreciated!

login.php

Login

[The HTML login form that preceded the PHP block did not survive extraction.]

<?php
    // The lines before prepare() were lost in extraction. The session start,
    // the include of the connection helper and the surrounding if() are
    // reconstructed here; their exact form in the original is not known.
    session_start();
    require 'core/connect.php';
    if(isset($_POST['username'], $_POST['password'])){
        $conn = connect();
        // The password is compared inside the query against the stored column,
        // i.e. the stored value is the raw password, not a hash.
        $query = $conn->prepare("SELECT username, password FROM users WHERE username=:username AND password=:password");
        $query->bindParam(':username', $_POST['username']);
        $query->bindParam(':password', $_POST['password']);
        $query->execute();

        if($row = $query->fetch()){
            $_SESSION['username'] = $row['username'];
            // Note: the script keeps executing after header(); nothing stops it here.
            header("Location: index.php");
        }
    }
?>


register.php

Register

[The HTML registration form that preceded the PHP block did not survive extraction.]

<?php
    // The lines before prepare() were lost in extraction; the include and the
    // surrounding if() are reconstructed and their exact form is not known.
    require 'core/connect.php';
    if(isset($_POST['username'], $_POST['password'])){
        $conn = connect();
        // The raw password is inserted as submitted; nothing is hashed before storage.
        $query = $conn->prepare("INSERT INTO users (username, password) VALUES (:username, :password)");
        $query->bindParam(':username', $_POST['username']);
        $query->bindParam(':password', $_POST['password']);

        // With PDO::ERRMODE_EXCEPTION (set in core/connect.php) a failed execute()
        // throws a PDOException rather than returning false, so the else branch
        // is never reached.
        if($query->execute()){
            header("Location: index.php");
        } else{
            echo 'ERROR';
        }
    }
?>


index.php

<?php
// The session start, the if() on the session and the anchor tags were lost in
// extraction; they are reconstructed here and the link targets are assumed.
session_start();
if(isset($_SESSION['username'])){
    echo '<a href="logout.php">Logout</a>';
} else {
    echo '<a href="login.php">Login</a>
    <a href="register.php">Register</a>';
}
?>


core/connect.php

<?php
    function connect(){
        try{
            // The DSN and credentials were lost in extraction; the values below are placeholders.
            $conn = new PDO('mysql:host=localhost;dbname=DB_NAME', 'DB_USER', 'DB_PASSWORD');
            $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            return $conn;

        } catch(PDOException $e){
            // On failure the message (which can include host and user details) is
            // printed to the page and the function returns null.
            echo 'ERROR', $e->getMessage();
        }
    }
?>

Solution

Here are several tips:

  • Use OOP - this way you could start the session only once
  • Hash your passwords - this way no one can steal it from the db, or at least the chance is lower
  • Use MVC - separate your HTML from the PHP code
  • Move your db connect credentials to the .ini file - this way it could be easily changed and .ini files can be cached by the server

Feel free to check my code for user authorization here in my pet project.
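An added example, not code from the asker or the answerer, that applies two of the tips above (hash the passwords, keep the database credentials in an .ini file) to the login/register flow in the question. It also stops the script with `exit` after `header()`, which the original login and register pages omit, and regenerates the session id on login. Assumed and not taken from the page: a `users` table with columns `username` and `password_hash` and a UNIQUE index on `username`; a file `config/db.ini` outside the web root with keys `dsn`, `user`, `pass`; and the function names `registerUser` and `loginUser`.

```php
<?php
// Added example (not the asker's or answerer's code). Assumptions: a users table
// with columns username and password_hash (UNIQUE index on username), and a
// config/db.ini file outside the web root containing dsn, user and pass.
declare(strict_types=1);

// Replacement for core/connect.php: credentials come from an .ini file instead
// of being hard-coded in a file under the web root.
function connect(string $iniPath = __DIR__ . '/../config/db.ini'): PDO
{
    $cfg = parse_ini_file($iniPath);
    if ($cfg === false || !isset($cfg['dsn'], $cfg['user'], $cfg['pass'])) {
        throw new RuntimeException('database configuration missing');
    }
    return new PDO($cfg['dsn'], $cfg['user'], $cfg['pass'], [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // throw instead of failing silently
        PDO::ATTR_EMULATE_PREPARES   => false,                  // server-side prepared statements
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

// register.php logic: store a password hash, never the password itself.
function registerUser(PDO $conn, string $username, string $password): bool
{
    if ($username === '' || strlen($password) < 8) {
        return false;
    }
    $hash = password_hash($password, PASSWORD_DEFAULT); // bcrypt today, upgradable later
    $stmt = $conn->prepare(
        'INSERT INTO users (username, password_hash) VALUES (:username, :hash)'
    );
    try {
        return $stmt->execute([':username' => $username, ':hash' => $hash]);
    } catch (PDOException $e) {
        // e.g. duplicate username rejected by the UNIQUE index: log the detail
        // server-side, give the browser nothing specific.
        error_log($e->getMessage());
        return false;
    }
}

// login.php logic: look the user up by username only, then verify the hash in PHP.
function loginUser(PDO $conn, string $username, string $password): bool
{
    $stmt = $conn->prepare('SELECT password_hash FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch();

    if ($row === false) {
        // Unknown user: still run one verify so the response time matches a wrong password.
        password_verify($password, password_hash('dummy', PASSWORD_DEFAULT));
        return false;
    }
    if (!password_verify($password, $row['password_hash'])) {
        return false;
    }
    // Transparently upgrade hashes created with an older cost or algorithm.
    if (password_needs_rehash($row['password_hash'], PASSWORD_DEFAULT)) {
        $upd = $conn->prepare('UPDATE users SET password_hash = :hash WHERE username = :username');
        $upd->execute([':hash' => password_hash($password, PASSWORD_DEFAULT), ':username' => $username]);
    }
    session_regenerate_id(true); // fresh session id after authentication (session fixation defence)
    $_SESSION['username'] = $username;
    return true;
}

// Request handling (constructed usage): one handler serves both forms; a
// "register" field in the POST body selects registration.
session_start();
$conn = connect();
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['username'], $_POST['password'])) {
    $ok = isset($_POST['register'])
        ? registerUser($conn, (string) $_POST['username'], (string) $_POST['password'])
        : loginUser($conn, (string) $_POST['username'], (string) $_POST['password']);
    if ($ok) {
        header('Location: index.php');
        exit; // stop here; the original kept executing after header()
    }
    echo 'Invalid username or password';
}
```

The login query no longer puts the password in the WHERE clause at all: the database only ever sees the username, and the comparison happens in `password_verify` against the stored hash, so a copy of the `users` table does not yield usable credentials. The same generic error message is returned for an unknown user and a wrong password.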

Context

StackExchange Code Review Q#38202, answer score: 4
