php - Wrong login opens a session too
I have written a login in PHP based on SQLite:
<?php
$db = new PDO('sqlite:data.db');
session_start();
if (isset($_SESSION['timeout'])) {
    if ($_SESSION['timeout'] + 4 < time()) {
        session_destroy();
    }
} else {
    $_SESSION['pass'] = "";
    $_SESSION['timeout'] = time();
}
if (isset($_POST['pass'])) {
    $_SESSION['pass'] = $_POST['pass'];
}
if (!empty($_SESSION['pass'])) {
    $result = $db->query("SELECT password, user FROM users");
    foreach ($result as $row) {
        if (password_verify($_SESSION['pass'], $row['password'])) {
            echo "welcome! you're logged in " . $row['user'] . "! <a href='index.php?logout=true'>logout</a>";
            if (isset($_GET['logout'])) {
                unset($_SESSION['pass']);
                header('Location: index.php');
            }
        }
    }
} else {
    echo '<form method="post" action=""><input type="password" name="pass"></form>';
}
?>
This is the SQLite (data.db):
My problem is the following: if I log in as one of the users in the database, the session is supposed to last 4 seconds, and I can read the message: hello user, you're logged in (logout).
But: if I introduce a mistaken password (which is not in the database), the screen turns white, and I have to wait 4 seconds too.
My question is: how can I redirect wrong logins to the login form with no need to wait for the session to finish?
The logic seemed a bit off to me, so I'd take this approach:
<?php
$db = new PDO('sqlite:data.db');
session_start();
if (isset($_GET['logout'])) {
    // if logout is set, log them out; no need for the other conditionals
    unset($_SESSION['pass']);
    header('Location: index.php');
    exit(); // exit after header, otherwise the page keeps processing
}
if (isset($_SESSION['timeout'])) {
    if ($_SESSION['timeout'] + 4 < time()) {
        session_destroy();
    }
//} else {
//    $_SESSION['pass'] = "";
//    $_SESSION['timeout'] = time();
//}
//if (isset($_POST['pass'])) {
//    $_SESSION['pass'] = $_POST['pass'];
}
if (!empty($_POST['pass'])) {
    $result = $db->query("SELECT password, user FROM users");
    foreach ($result as $row) {
        if (password_verify($_POST['pass'], $row['password'])) {
            echo "welcome! you're logged in " . $row['user'] . "! <a href='index.php?logout=true'>logout</a>";
            // the session is only populated after a successful check
            $_SESSION['pass'] = $_POST['pass'];
            $_SESSION['timeout'] = time();
        }
    }
}
if (empty($_SESSION['pass'])) { ?>
<form method="post" action="">
    <input type="password" name="pass">
    <input type="submit">
</form>
<?php } ?>
Additionally, you should pass the user's name to test the password against. This method will require long loads when you have more users. It also won't work accurately when 2 users have the same password.
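The username lookup suggested in the answer above, as an added example that is not part of the original post: one row is fetched by name with a prepared statement and only its hash is verified, the session keeps the user name rather than the password, and a failed login redirects to the form immediately. The posted `user` field, the session keys `user` and `since`, and the in-memory sample account are assumptions made for this example.

```php
<?php
// Added example, not the poster's code. Assumptions: a posted `user` field,
// session keys `user`/`since`, and the constructed sample account below.
declare(strict_types=1);
const SESSION_TTL = 4; // seconds, the timeout used in the post

// Fetch exactly one row by name with a prepared statement, then verify its hash.
function checkLogin(PDO $db, string $name, string $pass): bool
{
    $stmt = $db->prepare('SELECT password FROM users WHERE user = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn();      // false when no such user exists
    return is_string($hash) && password_verify($pass, $hash);
}

$db = new PDO('sqlite::memory:'); // constructed data; the post opens sqlite:data.db
$db->exec('CREATE TABLE users (user TEXT PRIMARY KEY, password TEXT NOT NULL)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', password_hash('example-pass', PASSWORD_DEFAULT)]);

session_start();
$expired = isset($_SESSION['since']) && $_SESSION['since'] + SESSION_TTL < time();
if (isset($_GET['logout']) || $expired) {
    $_SESSION = [];
    session_destroy();
    header('Location: index.php');
    exit();
}

$user = $_POST['user'] ?? null;
$pass = $_POST['pass'] ?? null;
if (is_string($user) && is_string($pass)) {
    if (checkLogin($db, $user, $pass)) {
        session_regenerate_id(true);   // fresh session id once authenticated
        $_SESSION['user']  = $user;    // keep the name, never the password
        $_SESSION['since'] = time();
    }
    header('Location: index.php');     // wrong logins go straight back to the form
    exit();
}
if (isset($_SESSION['user'])) {
    echo "Welcome! You're logged in " . htmlspecialchars($_SESSION['user']) . "! <a href='index.php?logout=true'>Logout</a>";
} else { ?>
<form method="post" action="">
    <input type="text" name="user">
    <input type="password" name="pass">
    <input type="submit">
</form>
<?php }
```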