如何让饼干安全
我希望通过会话和cookie进行登录我尝试制作此
这是我的代码
<?php
$my_username =IsSet($_POST['username']) ? make_it_safe($_POST['username']) :Null;
$my_userpass =IsSet($_POST['userpass']) ? make_it_safe($_POST['userpass']) :Null;
$saveinfo =IsSet($_POST['save_info']) ? make_it_safe($_POST['save_info']) :Null;
if(empty($my_username)){
echo "<div class='alert alert-error'>Insert Username</div>";
}else if(empty($my_userpass)){
echo "<div class='alert alert-error'>Insert Userpass</div>";
}else {
$my_userpass = sha1($my_userpass) ;
$select = $mysqli->query("SELECT * FROM members WHERE username='$my_username' AND userpass='$my_userpass' LIMIT 1");
$num = $select->num_rows;
if($num){
$rows = $select->fetch_array(MYSQL_ASSOC);
$id = $rows ['id'];
$username = $rows ['username'];
$userpass = $rows ['userpass'];
if($username == $my_username && $userpass == $my_userpass){
$_SESSION['id'] = $id ;
$_SESSION['username'] = $username ;
if ($saveinfo == 'on'){
setcookie("id",$_SESSION['id'],time()+2592000);
setcookie("username",$_SESSION['username'],time()+2592000);
}
header("Location: home.php");
}
}else{
echo "Error";
}
?>
这是使用Cookie登录的正确方法吗?是否安全?