Is this login system secure?
    if ($_POST[$submit]) {
        $user = $_POST[$user];
        $pass = $_POST[$pass];
        if ($user && $pass) { // if user and pass are entered
            require("vars.php"); // require MySQL connection settings
            mysql_connect($auth_mysql_server, $auth_mysql_user, $auth_mysql_pass); // connect to MySQL
            mysql_select_db($auth_mysql_db); // select MySQL database
            $pass = md5($pass); // hash password
            $query = mysql_query("SELECT * FROM $auth_mysql_table WHERE user='$user'"); // run query
            $numrows = mysql_num_rows($query);
            if ($numrows == 1) { // check if user exists
                $row = mysql_fetch_assoc($query);
                $dbid = $row[$auth_mysql_id_row];
                $dbuser = $row[$auth_mysql_user_row];
                $dbpass = $row[$auth_mysql_pass_row];
                if ($pass == $dbpass) { // if password is equal to the one in the database, start session
                    session_start();
                    // set session information
                    $_SESSION['user'] = $dbuser;
                    header("Location:$auth_loggedin"); // go to logged-in page
                } else return (3);
            } else return (2);
            mysql_close(); // close MySQL connection
        } else return (1);
    }
If not, how could I make it secure?
I hashed the password, but I know md5 can be decrypted; however, sha1 can be too. Also, is the mysql_close() needed?
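
A hardened counterpart of the login check in the question, added here as an example and not part of the original post: the username is bound through a prepared statement instead of being interpolated into the SQL string, and the password is stored and checked with `password_hash()` / `password_verify()` instead of `md5()`. Assumptions: the function name `check_login`, the `users` table with its columns, and the sample account are hypothetical, and an in-memory SQLite database reached through PDO stands in for MySQL so the script runs stand-alone.

```php
<?php
// Added example; names and sample data are constructed for illustration.

function check_login(PDO $db, string $user, string $pass): int
{
    if ($user === '' || $pass === '') {
        return 1; // missing field (same return codes as the question's code)
    }
    // The placeholder keeps $user out of the SQL text, so a quote in the
    // username is treated as data and cannot change the query.
    $stmt = $db->prepare('SELECT id, user, pass FROM users WHERE user = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return 2; // unknown user
    }
    // password_verify() reads the salt and cost from the stored hash and
    // compares the result in constant time.
    if (!password_verify($pass, $row['pass'])) {
        return 3; // wrong password
    }
    // Re-hash transparently when PHP's default algorithm or cost changes.
    if (password_needs_rehash($row['pass'], PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET pass = ? WHERE id = ?');
        $upd->execute([password_hash($pass, PASSWORD_DEFAULT), $row['id']]);
    }
    return 0; // credentials accepted
}

// Constructed demo data: one account in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT UNIQUE, pass TEXT)');
$ins = $db->prepare('INSERT INTO users (user, pass) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Valid login, wrong password, and a username containing a quote character.
var_dump(check_login($db, 'alice', 'correct horse'));
var_dump(check_login($db, 'alice', 'wrong'));
var_dump(check_login($db, "o'brien", 'anything'));
```

In a request handler, call `session_regenerate_id(true)` after `session_start()` and before setting `$_SESSION['user']` on a successful login, and `exit` right after the `header()` redirect. Codes 2 and 3 are kept to mirror the question, but showing the visitor one generic failure message for both avoids revealing which usernames exist.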