It looks like you want an improved version of your CSRF-protected login system. Below are some key improvements I made:
- **Database Security:**
  - Changed the `id` column in the database to `AUTO_INCREMENT` for proper indexing.
  - Used `VARCHAR(255)` for passwords to allow hashed passwords.
- **Security Enhancements:**
  - Passwords are now stored as hashed values using `password_hash()`, and login checks use `password_verify()`.
  - CSRF protection is properly handled in form submission.
  - Improved session handling and validation.
- **Code Cleanup:**
  - Removed redundant sanitization.
  - Fixed logical errors in CSRF validation.
  - Improved error messages.
Here’s the improved version of your files:
1. Database Schema (`database.sql`)

Note: Replace `EXAMPLE_HASHED_PASSWORD` with an actual hash from `password_hash('password', PASSWORD_DEFAULT);`

2. Database Connection (`connection.php`)

3. CSRF Protection (`csrf.php`)

4. Registration & Login Logic (`register.php`)

5. Login Form (`index.php`)

6. Redirect to Dashboard (`dashboard.php`)

7. Logout (`logout.php`)
**Key Improvements**

✅ Password Hashing – Uses `password_hash()` and `password_verify()` for security.
✅ CSRF Protection – Secure CSRF token validation added.
✅ SQL Injection Prevention – Uses prepared statements (`bind_param()`).
✅ Session Management – Redirects authenticated users properly.
✅ Error Handling – Displays better error messages.
Let me know if you need any modifications!
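The file contents themselves did not survive on this page, so the following is an added, stand-alone example of the two security pieces the reply describes (CSRF token generation/validation and a `password_hash()` / `password_verify()` login check). It is not the assistant's `csrf.php` or `register.php`. The `$users` array is a constructed stand-in for the MySQL table so the script runs offline with `php csrf_login_example.php`; the file name and the `login()` helper are assumptions, and in the real application the lookup would be a prepared statement (`bind_param()`) against the `connection.php` handle.

```php
<?php
// Added example, not the chat's own files. Demonstrates a per-session CSRF token
// checked with a constant-time comparison, and a login check that never compares
// plaintext passwords. $users is a constructed stand-in for the database table.
declare(strict_types=1);

function ensure_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Generate (or reuse) the session's CSRF token: 32 random bytes -> 64 hex chars.
// Embed it in the form as <input type="hidden" name="csrf_token" value="...">.
function csrf_token(): string
{
    ensure_session();
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Validate a submitted token. hash_equals() compares in constant time, so timing
// differences cannot leak the token byte by byte. A missing or non-string value
// (no session token yet, field absent from the POST) is always rejected.
function csrf_validate(?string $submitted): bool
{
    ensure_session();
    if (!is_string($submitted) || empty($_SESSION['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

// Constructed user table: one account whose stored value is a real password_hash().
$users = [
    'alice' => ['id' => 1, 'password' => password_hash('correct horse', PASSWORD_DEFAULT)],
];

// Login check (assumed helper). Returns the user id on success, null on failure.
// Unknown usernames are verified against a dummy hash so that "no such user" and
// "wrong password" take about the same time and cannot be told apart by timing.
function login(array $users, string $username, string $password): ?int
{
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);

    $row  = $users[$username] ?? null;
    $hash = $row['password'] ?? $dummy;
    $ok   = password_verify($password, $hash);

    if ($ok && $row !== null) {
        ensure_session();
        // Fresh session id after authentication prevents session fixation.
        session_regenerate_id(true);
        $_SESSION['user_id'] = $row['id'];
        return $row['id'];
    }
    return null;
}

// CLI demo. Results are collected before any output so session headers are not
// affected by earlier prints.
if (PHP_SAPI === 'cli') {
    $token   = csrf_token();
    $results = [
        'valid token'    => csrf_validate($token),
        'wrong token'    => csrf_validate(str_repeat('0', 64)),
        'missing token'  => csrf_validate(null),
        'good login'     => login($users, 'alice', 'correct horse'),
        'bad password'   => login($users, 'alice', 'wrong'),
        'unknown user'   => login($users, 'mallory', 'anything'),
    ];
    var_dump($results);
}
```

In the form handler, call `csrf_validate($_POST['csrf_token'] ?? null)` before reading the credentials and reject the request outright on failure; with the database in place, the `$users` lookup becomes a `SELECT id, password FROM users WHERE username = ?` prepared statement, and the rest of `login()` is unchanged.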