Hi

I am new to PHP. Please help me add security and sessions to my login page, with an example if possible. I have written the code below; please show me where I need to add sessions, a login time-out, and security to the login.

What is the code for a login time-out?


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" href="style.css" type="text/css">
<!-- TemplateBeginEditable name="doctitle" -->
<title>Login</title>
<!-- TemplateEndEditable -->
<!-- TemplateBeginEditable name="head" -->
<!-- TemplateEndEditable -->
<style type="text/css">
<!--
body {
background-color: #035208;
margin-left: 0px;
margin-left:0;
}
div.del{
background:url(/bg.jpg) center center repeat-x;
height: 63px;
}
-->
</style>
<link href="/emp_menu.css" rel="stylesheet" type="text/css" />
<link rel="stylesheet" type="text/css" href="/chrometheme/chromestyle.css" />

<script type="text/javascript" src="/chromejs/chrome.js">

/***********************************************
* Chrome CSS Drop Down Menu- © Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code
***********************************************/

</script>
<style>

div.del{
background: url(Templates/bg.jpg) center center repeat-x;
height:63px;
}
</style>

</head>

<body>
<table width="990" height="286" border="0" align="center" cellpadding="0" cellspacing="0" id="Table_01">
<tr>
<td><img src="/images/home_01.png" width="990" height="9" alt="" /></td>
</tr>
<tr>
<td height="107" valign="top"><img src="images/home_02.gif" alt="" width="233" height="107" border="0" usemap="#Map" /></td>
</tr>
<tr>
<td valign="top" bgcolor="#FFFFFF"><img src="images/spacer.gif" width="1" height="1" /></td>
</tr>
<tr>
<td><img src="/images/home_05.png" width="990" height="4" alt="" /></td>
</tr>
<tr>
<td height="19" valign="top"><!-- TemplateBeginEditable name="main" -->
<table bgcolor="#FFFFFF" width="990" border="0" cellspacing="0" cellpadding="0">
<tr><td>&nbsp;</td></tr>
<tr><td>&nbsp;</td></tr>
<tr>
<td><?php

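/**
 * Print the login form (e-mail, password, "remember me") into the page.
 *
 * Reads the globals $email, $user_err, $pass_err, $error_msg and $refer.
 * $email and $refer are HTML-escaped before they are written into attribute
 * values, so quote or angle-bracket characters in them cannot break out of
 * the attribute. $user_err, $pass_err and $error_msg are markup strings that
 * do_login() builds itself and are printed unchanged.
 *
 * The password field is never pre-filled: a submitted password should not be
 * echoed back into the page source.
 */
function login_form(){
    global $password, $email, $user_err, $pass_err, $error_msg, $refer;

    // The page declares iso-8859-1 in its Content-Type meta tag, so escape with that charset.
    $email_attr = (isset($email) && is_string($email))
        ? htmlspecialchars($email, ENT_QUOTES, 'ISO-8859-1')
        : '';
    // NOTE(review): $refer was echoed here without being declared global, so it always
    // rendered empty; it is now read from the global scope - confirm that is the intended source.
    $refer_attr = (isset($refer) && is_string($refer))
        ? htmlspecialchars($refer, ENT_QUOTES, 'ISO-8859-1')
        : '';
    ?>
<center>
<form method="post" action="" name="loginform">
<table border="0" cellspacing="2" cellpadding="4">
<tr>
<td bgcolor="#E2E2E2" align="right">EMAIL : </td>
<td bgcolor="#E2E2E2"><input type="text" name="email" value="<?php echo $email_attr;?>"><?php echo $user_err;?></td>
</tr>
<tr>
<td bgcolor="#E2E2E2">PASSWORD : </td>
<td bgcolor="#E2E2E2"><input type="password" name="pass" value=""><?php echo $pass_err;?></td>
</tr>
<tr>
<td colspan=2> <input type="checkbox" name="remember" value="ON"> REMEBER_ME</td>
</tr>
<tr>
<td>&nbsp;</td>
<td align="center"> <input type="hidden" name="maa" value="do_login">
<input type="submit" name="login" value="LOGIN"></p>
<input type="hidden" name="Refer" value="<?php echo $refer_attr;?>">
</td>
</tr>
</table> <?php echo $error_msg;?>
</form>[<a href="home.html">HOME</a>] [ <a href="login.php?maa=Forgot_pwd">FORGOT_PASSWORD</a> ]<br><br>

<?php
// Full "<?php" tags are used throughout: the short "<?" form is only parsed when
// short_open_tag is enabled, and the function's closing brace depended on it.
}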

//this function will do the login porcess for you.
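/**
 * Handle a submitted login form.
 *
 * Reads 'email' and 'pass' (and optionally 'remember' and 'id') from $_REQUEST.
 * If a field is missing, the matching error global is set, the form is shown
 * again and the script exits. If the credentials match a row in maaking_users,
 * the "user" cookie is set and the browser is redirected; otherwise
 * $error_msg is set, the form is shown again and the script exits.
 *
 * Changes from the earlier version:
 *  - the lookup is a prepared statement, so request data is never spliced into SQL;
 *  - the row values are actually read (mysql_fetch_row() returned a numeric
 *    array, so $row['email'] / $row['pass'] were always empty);
 *  - "remember me" is read from the request instead of relying on register_globals;
 *  - the cookie is HttpOnly, the 'id' value is URL-encoded, and every redirect is
 *    followed by exit.
 *
 * NOTE(review): in this file the dispatcher runs after the page's HTML has already
 * been output, so setcookie() and header() only take effect when output buffering
 * is active. Moving the dispatch above the markup removes that dependency.
 *
 * NOTE(review): the cookie still carries the e-mail and the stored password hash,
 * which makes the hash a login credential. A server-side session (session_start(),
 * session_regenerate_id(true) on login, and a last-activity timestamp checked on
 * each request) would also provide a login time-out. It is not changed here
 * because the pages that read the "user" cookie are not visible.
 */
function do_login()
{
    global $remember, $user_err, $pass_err, $error_msg;

    // Accept only plain strings; an array-valued parameter is treated as missing.
    $email = (isset($_REQUEST['email']) && is_string($_REQUEST['email'])) ? $_REQUEST['email'] : '';
    $pass  = (isset($_REQUEST['pass']) && is_string($_REQUEST['pass'])) ? $_REQUEST['pass'] : '';

    $email_missing = (trim($email) === '');
    $pass_missing  = ($pass === '');
    if ($email_missing || $pass_missing) {
        $reqmsg = "(<font class=\"error\">".REQUIRED."</font>)";
        if ($email_missing) {
            $user_err = $reqmsg;
        }
        if ($pass_missing) {
            $pass_err = $reqmsg;
        }

        // Show the login form again with the field errors.
        login_form();
        exit();
    }

    // NOTE(review): unsalted MD5 is not suitable for password storage. Moving to
    // password_hash() / password_verify() requires re-hashing the stored values,
    // so the comparison is kept compatible with the existing column for now.
    $md5_pass = md5($pass);

    $db_email = null;
    $db_pass  = null;
    $matched  = false;
    try {
        // NOTE(review): connecting as root with an empty password; use a dedicated
        // low-privilege account with credentials kept outside the web root.
        $con = mysqli_connect("localhost", "root", "", "a2z");
        if ($con) {
            $stmt = mysqli_prepare($con, "SELECT email, pass FROM maaking_users WHERE email = ? AND pass = ?");
            if ($stmt) {
                mysqli_stmt_bind_param($stmt, "ss", $email, $md5_pass);
                if (mysqli_stmt_execute($stmt)) {
                    mysqli_stmt_bind_result($stmt, $db_email, $db_pass);
                    $matched = (mysqli_stmt_fetch($stmt) === true);
                }
                mysqli_stmt_close($stmt);
            }
            mysqli_close($con);
        } else {
            error_log("do_login: database connection failed");
        }
    } catch (Exception $e) {
        // Database details go to the server log, never to the browser.
        error_log("do_login: " . $e->getMessage());
        $matched = false;
    }

    if (!$matched) {
        // Same message for an unknown e-mail and a wrong password.
        $error_msg = "<font class=\"error\">".LOGIN_ERROR."</font>";
        login_form();
        exit();
    }

    $info = base64_encode("$db_email|$db_pass");
    $wants_remember = isset($remember) || isset($_REQUEST['remember']);
    // 1209600 seconds = 14 days; 0 makes it a browser-session cookie.
    $expires = $wants_remember ? time() + 1209600 : 0;
    // Empty path/domain keep PHP's defaults; the last argument marks the cookie HttpOnly.
    // NOTE(review): also set the "secure" argument to true once the site is served over HTTPS.
    setcookie("user", $info, $expires, "", "", false, true);

    if (isset($_REQUEST['id']) && is_scalar($_REQUEST['id'])) {
        // Encode the value so it cannot add extra query parameters to the redirect target.
        $id = rawurlencode((string) $_REQUEST['id']);
        header("location:admin/index.php?maa=download&id=$id");
        exit;
    }

    header("location:home.html");
    exit;
}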

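/**
 * Print the "send new password" form (first name and e-mail).
 *
 * Reads the globals $fname, $email, $email_err and $error_msg. do_Forgot_pwd()
 * fills $fname and $email from the request before showing this form again, so
 * both are HTML-escaped before being written into attribute values.
 * $email_err and $error_msg are markup strings and are printed unchanged.
 *
 * The first-name field is posted as "fname", the key that do_Forgot_pwd() reads
 * (it was previously posted as "name", which nothing consumed).
 */
function Forgot_pwd_form(){
    global $error_msg, $email_err, $fname, $email;

    // The page declares iso-8859-1 in its Content-Type meta tag, so escape with that charset.
    $fname_attr = (isset($fname) && is_string($fname))
        ? htmlspecialchars($fname, ENT_QUOTES, 'ISO-8859-1')
        : '';
    $email_attr = (isset($email) && is_string($email))
        ? htmlspecialchars($email, ENT_QUOTES, 'ISO-8859-1')
        : '';
    ?>

<center><font class="title">SEND_NEW_PASSWORD</font>
<form method="post">
<table border="0" cellpadding="4">
<tr>
<td bgcolor="#E2E2E2">FIRST NAME :</td>
<td bgcolor="#E2E2E2" align="left"><input type="text" name="fname" value="<?php echo $fname_attr;?>"></td>
</tr>
<tr>
<td bgcolor="#E2E2E2">EMAIL :</td>
<td bgcolor="#E2E2E2"><input type="text" name="email" value="<?php echo $email_attr;?>"><?php echo $email_err;?></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>
<input type="hidden" name="maa" value="do_Forgot_pwd">
<input type="submit" value="SEND_PASSWORD"></p>
</td>
</tr>
</table><center><?php echo $error_msg;?></center>
</form>
<?php

}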

/**
 * Handler for the "Forgot_pwd" action: shows the password-reset form.
 */
function Forgot_pwd()
{
    // Nothing is processed at this step; rendering is delegated to the form helper.
    Forgot_pwd_form();
}

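/**
 * Handle a submitted "forgot password" form.
 *
 * Reads 'fname' and 'email' from $_REQUEST into the globals of the same name.
 * With an empty e-mail the form is shown again with $email_err set and the
 * script exits. If exactly one maaking_users row has that e-mail, a new
 * 8-character password is generated and its MD5 is stored; otherwise the form
 * is shown again followed by the WRONG_USEREMAIL message.
 *
 * Changes from the earlier version:
 *  - both statements are prepared, so request data is never spliced into SQL;
 *  - the empty-e-mail check runs before any query;
 *  - database errors go to the server log instead of die(mysql_error());
 *  - the password comes from random_int() where available rather than
 *    rand() seeded from the clock.
 *
 * NOTE(review): nothing here delivers the new password to the user, so a
 * successful request leaves the account with a password nobody knows, and the
 * request needs no proof of ownership. A single-use, time-limited reset link
 * mailed to the address, with the password changed only after the link is
 * used, avoids both problems.
 *
 * NOTE(review): the response differs for known and unknown addresses, which
 * reveals whether an e-mail is registered.
 */
function do_Forgot_pwd()
{
    global $fname, $email, $error_msg, $site_name ,$site_email, $site_url, $email_err;

    // Accept only plain strings; an array-valued parameter is treated as missing.
    $fname = (isset($_REQUEST['fname']) && is_string($_REQUEST['fname'])) ? $_REQUEST['fname'] : '';
    $email = (isset($_REQUEST['email']) && is_string($_REQUEST['email'])) ? $_REQUEST['email'] : '';

    if (trim($email) === '') {
        $email_err = "<b><font color=\"#FF0000\">(REQUIRED)</font></b>";
        Forgot_pwd();
        exit;
    }

    // Guarded so that a second call in the same request cannot redeclare the helper.
    if (!function_exists('new_pwd')) {
        function new_pwd()
        {
            $chars = "abchefghjkmnpqrstuvwxyz0123456789";
            $last  = strlen($chars) - 1;
            $pwd   = '';
            for ($i = 0; $i < 8; $i++) {
                // random_int() is a CSPRNG (PHP 7+). mt_rand() is only a fallback for
                // older runtimes and is not suitable for secrets.
                $num = function_exists('random_int') ? random_int(0, $last) : mt_rand(0, $last);
                $pwd .= $chars[$num];
            }
            return $pwd;
        }
    }

    $check = 0;
    try {
        // NOTE(review): connecting as root with an empty password; use a dedicated
        // low-privilege account with credentials kept outside the web root.
        $con = mysqli_connect("localhost", "root", "", "a2z");
        if ($con) {
            $stmt = mysqli_prepare($con, "SELECT COUNT(*) FROM maaking_users WHERE email = ?");
            if ($stmt) {
                mysqli_stmt_bind_param($stmt, "s", $email);
                if (mysqli_stmt_execute($stmt)) {
                    mysqli_stmt_bind_result($stmt, $check);
                    mysqli_stmt_fetch($stmt);
                }
                mysqli_stmt_close($stmt);
            }

            if ((int) $check === 1) {
                $new_pwd = new_pwd();
                // NOTE(review): unsalted MD5 kept only for compatibility with the
                // existing column; password_hash() is the replacement.
                $md5_password = md5($new_pwd);
                $upd = mysqli_prepare($con, "UPDATE maaking_users SET pass = ? WHERE email = ?");
                if ($upd) {
                    mysqli_stmt_bind_param($upd, "ss", $md5_password, $email);
                    mysqli_stmt_execute($upd);
                    mysqli_stmt_close($upd);
                }
            }
            mysqli_close($con);
        } else {
            error_log("do_Forgot_pwd: database connection failed");
        }
    } catch (Exception $e) {
        // Database details go to the server log, never to the browser.
        error_log("do_Forgot_pwd: " . $e->getMessage());
    }

    if ((int) $check === 1) {
        echo "Your password will be sent to your mail";
        header("location:login.php");
    } else {
        Forgot_pwd_form();
        echo "<center><font class=\"error\">".WRONG_USEREMAIL."</font></center><br>";
    }
}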




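// Dispatch on the "maa" request parameter. It is absent on a plain page load,
// so default to an empty string instead of reading an undefined index.
// Only the three action names listed below are accepted; any other value
// falls through to the login form.
// NOTE(review): this runs after the page's HTML has been output, so the
// header()/setcookie() calls in the handlers need output buffering to work;
// dispatching before any markup is sent avoids that.
$opt = (isset($_REQUEST['maa']) && is_string($_REQUEST['maa'])) ? $_REQUEST['maa'] : '';
switch ($opt)
{
    case "do_login":
        do_login();
        break;
    case "Forgot_pwd":
        Forgot_pwd();
        break;
    case "do_Forgot_pwd":
        do_Forgot_pwd();
        break;
    default:
        login_form();
        break;
}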
?></td>
</tr>
<tr><td>&nbsp;</td></tr>
<tr><td>&nbsp;</td></tr>
</table>
<!-- TemplateEndEditable --></td>
</tr>
<tr>
<td><img src="/images/home_07.png" width="990" height="4" alt="" /></td>
</tr>
<tr>
<td height="63" valign="top" background="chrometheme/bg.jpg"><div class="del">

</div>









</td>
</tr>

</table>

</body>
</html>