In the login page of the Inventory Management System, user-entered passwords are hashed using the SHA-256 algorithm. The hash is then compared with the stored hashed password in the database, so raw passwords are never stored and are not exposed directly if the database is compromised. A single unsalted SHA-256 hash is fast to compute, however, so a leaked table is still exposed to brute-force and precomputed-table attacks, and two users with the same password get the same hash; the standard hardening is a per-user random salt and a deliberately slow key-derivation function such as PBKDF2, plus a constant-time comparison of the computed and stored values.
After a successful login, server-side session variables (for example the user's ID and role) identify the authenticated user, and these variables are set only after the password check passes. Pages such as Dashboard and Products are served only when that session state is present.
If the user remains inactive for a set duration (e.g., 20 minutes), the session expires automatically. This prevents unauthorized access if the user leaves the system open.
The system defines three roles: Admin, Manager, and Viewer. Each role has restricted access to specific pages. For example, only Admin can add or delete products, while Viewers can only view the inventory data.
All form inputs like product name, category, price, etc., are validated to ensure correct formats and to reject invalid or malicious data before it is processed. The checks are enforced on the server: client-side validators improve the user experience but are trivially bypassed by posting the form directly.
Parameterized SQL queries are used throughout the system, so user input is passed to the database as typed, bound parameters rather than being concatenated into the SQL text. The statement the database parses is the same whatever the user typed, which is what protects against SQL injection attacks.
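An added example (not the system's own code) covering both the server-side validation and the parameterized queries described in the two paragraphs above. It assumes C# with `System.Data.SqlClient` against a SQL Server `Products` table with `Id`, `Name`, `Category` and `Price` columns; the table layout, the length limits and the `ProductRepository` name are assumptions for this example. The string-concatenated query is included only to show the pattern that must not be used.

```csharp
// Added example (not the system's own code). Server-side validation plus a
// vulnerable concatenated query beside its parameterized replacement.
// Assumes: C#, System.Data.SqlClient, a Products(Id, Name, Category, Price) table.
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;
using System.Text.RegularExpressions;

public static class ProductRepository
{
    // Server-side validation. Web Forms validators (RequiredFieldValidator etc.)
    // run in the browser and can be skipped, so the same rules are enforced here.
    // Limits (100-char name, 50-char category, price range) are assumed for the example.
    public static bool IsValidProduct(string name, string category, string priceText, out decimal price)
    {
        price = 0m;
        if (string.IsNullOrWhiteSpace(name) || name.Trim().Length > 100) return false;
        if (!Regex.IsMatch(category ?? "", @"^[A-Za-z0-9 _\-]{1,50}$")) return false;
        if (!decimal.TryParse(priceText, NumberStyles.Number, CultureInfo.InvariantCulture, out price)) return false;
        return price >= 0m && price <= 1_000_000m;
    }

    // VULNERABLE: the category value becomes part of the SQL text. A category of
    //   ' OR '1'='1
    // turns the WHERE clause into a tautology and returns every product, and a
    // value ending in a comment marker (--) can append arbitrary statements.
    public static string UnsafeSearchSql(string category)
    {
        return "SELECT Id, Name, Price FROM Products WHERE Category = '" + category + "'";
    }

    // SAFE: the value travels as a typed parameter. The SQL text is a constant,
    // so the server parses the same statement whatever the user typed, and the
    // quote characters in the example above are just data.
    public static DataTable SearchByCategory(string connectionString, string category)
    {
        const string sql = "SELECT Id, Name, Price FROM Products WHERE Category = @category";
        var table = new DataTable();
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@category", SqlDbType.NVarChar, 50).Value = category;
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                table.Load(reader);
            }
        }
        return table;
    }

    // Insert path used by the Admin "add product" action; validation runs first.
    public static void InsertProduct(string connectionString, string name, string category, string priceText)
    {
        decimal price;
        if (!IsValidProduct(name, category, priceText, out price))
            throw new ArgumentException("Invalid product data.");

        const string sql = "INSERT INTO Products (Name, Category, Price) VALUES (@name, @category, @price)";
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = name.Trim();
            cmd.Parameters.Add("@category", SqlDbType.NVarChar, 50).Value = category;
            cmd.Parameters.Add("@price", SqlDbType.Decimal).Value = price;
            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }
}
```

Note that `UnsafeSearchSql` is never executed here; it exists so the two shapes can be compared side by side. Giving each parameter an explicit `SqlDbType` and length also prevents a long input from being silently truncated or coerced to an unexpected type.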
Pages like Dashboard.aspx and Products.aspx check that the session contains the authenticated-user variables set at login (not merely that a session exists, since ASP.NET assigns a session to every visitor). If the check fails, users are automatically redirected to the login page, blocking unauthenticated access.
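An added example (not the system's own code) that ties together the session check, the idle timeout and the role restrictions described above, as a base class that Dashboard.aspx and Products.aspx inherit from. It assumes C# ASP.NET Web Forms, that the login page stores `Session["UserId"]` and `Session["Role"]` after a successful password check, and that the Products page has `btnAdd` and `btnDelete` buttons; those names, and `Login.aspx`, are assumptions for this example.

```csharp
// Added example (not the system's own code). Base page for every protected
// page: redirects anonymous visitors to the login page and enforces roles.
// Assumes C# ASP.NET Web Forms and that Login.aspx sets Session["UserId"]
// and Session["Role"] only after the password has been verified.
using System;
using System.Web;
using System.Web.UI;

public class SecurePage : Page
{
    // Roles allowed to load the page at all; pages override this to narrow it.
    protected virtual string[] AllowedRoles
    {
        get { return new[] { "Admin", "Manager", "Viewer" }; }
    }

    protected bool IsAdmin
    {
        get { return (Session["Role"] as string) == "Admin"; }
    }

    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);

        // Every visitor has a session ID, so "a session exists" proves nothing.
        // The test is for the variables the login page sets after a successful verify.
        string userId = Session["UserId"] as string;
        string role = Session["Role"] as string;
        if (string.IsNullOrEmpty(userId) || string.IsNullOrEmpty(role))
        {
            // Also reached after the idle timeout: the expired session comes back
            // empty, so the same path sends the user to log in again.
            Response.Redirect("~/Login.aspx?ReturnUrl=" + HttpUtility.UrlEncode(Request.RawUrl), true);
            return;
        }

        if (Array.IndexOf(AllowedRoles, role) < 0)
        {
            Response.StatusCode = 403;
            Response.End();
        }
    }
}

// Products.aspx code-behind: every role may view, only Admin may add or delete.
public partial class Products : SecurePage
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Hiding the controls is for the UI only; a forged postback can still
        // invoke the handlers, so each handler re-checks the role itself.
        btnAdd.Visible = IsAdmin;
        btnDelete.Visible = IsAdmin;
    }

    protected void btnDelete_Click(object sender, EventArgs e)
    {
        if (!IsAdmin)
        {
            Response.StatusCode = 403;
            Response.End();
            return;
        }
        // ... delete the selected product through a parameterized query
    }
}
```

The idle timeout itself is configured in web.config with `<sessionState timeout="20" />` (minutes, sliding); the code above does not need to know the value, because an expired session simply no longer carries `UserId` and `Role`. Checking in `OnInit` rather than in each page's `Page_Load` means a page cannot forget the check, and the role re-check inside the click handler is what actually stops a Viewer who manually posts the delete event.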