This is the code for my website's admin page login
<?php
//simple PHP login script using Session
//start the session * this is important
session_start();
//login script
if(isset($_REQUEST['ch']) && $_REQUEST['ch'] == 'login'){
//give your login credentials here
if($_REQUEST['uname'] == 'my_name' && $_REQUEST['pass'] == 'my_password')
$_SESSION['login_user'] = 1;
else
$_SESSION['login_msg'] = 1;
}
//get the page name where to redirect
if(isset($_REQUEST['pagename']))
$pagename = $_REQUEST['pagename'];
//logout script
if(isset($_REQUEST['ch']) && $_REQUEST['ch'] == 'logout'){
unset($_SESSION['login_user']);
header('Location:login.php');
}
if(isset($_SESSION['login_user'])){
if(isset($_REQUEST['pagename']))
header('Location:'.$pagename.'.php');
else
header('Location:admin.php');
}else{
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Website</title>
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<link rel="stylesheet" type="text/css" href="styles.css" media="all" />
</head>
<body>
<form name="login_form" method="post" action="">
<h2 align="center"><strong>Admin Login</strong></h2>
<input type="text" name="uname" id="uname" placeholder="Username">
<input type="password" name="pass" id="pass" placeholder="Password">
<td colspan="2" align="center">
<p style="color:red;">
<?php
//display the error msg if the login credentials are wrong!
if(isset($_SESSION['login_msg'])){
echo 'Wrong username and password !';
unset($_SESSION['login_msg']);
}
?>
</p>
<div align="center" colspan="2"><input type="submit" value="Login"></div>
</tr>
<input type="hidden" name="ch" value="login">
</form>
</body>
</html>
I copied this from a website so i'm not really sure how safe it is. And I'm also not so good with php.
is this safe to use or is it easy to hack? if it's not can anyone tell me what is the best none-MySQL login system?