Quite basic script you wrote but it could work.
That looks strange in your script though:
session_register("myusername");
session_register("mypassword");
You could use a function like that to register a session, store session ID in the database in user table under new column session_ID, add another column last_active, browser_information (user agent), ip to store user’s IP.
On every page load, a function like (bool) check_session($session_id) would need to be called to check if all session_ID, browser_information and ip still match.
That’s briefly how you can code your new functions, it’s not StackOverflow’s job to write the code for you, I hope that helps!
EDIT: As I was advised in the comments this answer should be extended.
Fred -ii- advised to use mysqli with prepared statements or PDO with prepared statements. For password storage, use CRYPT_BLOWFISH or PHP 5.5’s password_hash() function. For PHP < 5.5 use the password_hash() compatibility pack.
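The scheme described in this answer, written out as an added example (not the answerer's code): login with password_hash()/password_verify(), PDO prepared statements, and a check_session() that compares session_ID, browser_information and ip on each page load. Assumptions: PHP 7+ with pdo_sqlite, an in-memory database, a constructed sample user, a 30-minute idle limit, and the user agent and IP passed in as arguments where a real page would read them from $_SERVER.

```php
<?php
// Table and column names follow the answer; the in-memory SQLite database and
// the sample user 'alice' are constructed for this demo.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT,
    session_ID TEXT, last_active INTEGER, browser_information TEXT, ip TEXT)');
$pdo->prepare('INSERT INTO user (username, password) VALUES (?, ?)')
    ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

const IDLE_LIMIT = 1800; // assumed idle timeout in seconds

// Verify credentials, then bind a fresh random session ID to this client.
// The ID is stored hashed (an addition to the answer's scheme) so a database leak exposes no live IDs.
function login(PDO $pdo, string $user, string $pass, string $ua, string $ip): ?string
{
    $st = $pdo->prepare('SELECT id, password FROM user WHERE username = ?');
    $st->execute([$user]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($pass, $row['password'])) {
        return null;
    }
    $sid = bin2hex(random_bytes(32));
    $pdo->prepare('UPDATE user SET session_ID = ?, last_active = ?,
        browser_information = ?, ip = ? WHERE id = ?')
        ->execute([hash('sha256', $sid), time(), $ua, $ip, $row['id']]);
    return $sid;
}

// Called on every page load: session ID, user agent and IP must all still match.
function check_session(PDO $pdo, string $sid, string $ua, string $ip): bool
{
    $st = $pdo->prepare('SELECT id, last_active, browser_information, ip
        FROM user WHERE session_ID = ?');
    $st->execute([hash('sha256', $sid)]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['browser_information'] !== $ua || $row['ip'] !== $ip
        || time() - (int)$row['last_active'] > IDLE_LIMIT) {
        return false;
    }
    $pdo->prepare('UPDATE user SET last_active = ? WHERE id = ?')
        ->execute([time(), $row['id']]);
    return true;
}

$sid = login($pdo, 'alice', 'correct horse', 'Mozilla/5.0 (demo)', '203.0.113.7');
var_dump(check_session($pdo, $sid, 'Mozilla/5.0 (demo)', '203.0.113.7'));   // same client
var_dump(check_session($pdo, $sid, 'curl/8.0', '203.0.113.7'));             // user agent changed
var_dump(check_session($pdo, $sid, 'Mozilla/5.0 (demo)', '198.51.100.9'));  // IP changed
```

Strict IP matching logs out users whose address changes mid-session (mobile networks, some proxies), so treat a mismatch as a reason to re-authenticate rather than as proof of hijacking.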