[MySQL][PHP]Logowanie i zabezpieczenia Opcje

[snerf]

Witam

napisałem sobie prosty skrypt logowania i starałem się zabezpieczyć sesję póki co się sprawdza lecz nwm czy to jest w pełni bezpieczne rozwiązanie:

[PHP] pobierz, plaintext 
<?php
class user{
	public $pdo;
	public $timeout; public $timeout_active;
	public $last_visit_time;
	public $prefix_mysql;
 
	public function pdo($pdo, $time, $time_activ, $prefix_mysql)
	{
		$this->pdo = $pdo;
		$this->timeout = $time;
		$this->timeout_active = $time_activ;
		$this->prefix_mysql = $prefix_mysql;
	} 
 
	public function login($name, $password)
	{
			$pdo = $this->pdo;
		try{
			$password_sel = set_password($password);
			$stmt = $pdo -> prepare('SELECT id, password FROM `'.$this->prefix_mysql.users.'` WHERE username = :user OR email = :user  LIMIT 1');
			$stmt -> bindValue(':user', $name, PDO::PARAM_STR); 
			$stmt -> bindValue(':pass', $password_sel, PDO::PARAM_STR); 
			$stmt -> execute(); 
			$count = $stmt->rowCount();
		}catch(PDOException $e){
			$display = 'Błąd zapytania:<br> ' . $e->getMessage();
		}
			$row = $stmt -> fetch();
			$user_id = $row['id'];
			if($count == 1){
				if(check_password($password, $row['password'])){
					$display = 'Zalogowano';
					$seskey = md5($_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT']);
					$this->last_visit_time = time()+$this->timeout_active;
					$stmt = $pdo -> prepare('UPDATE `'.$this->prefix_mysql.users.'` SET  `session_key` = :seskey, `time_activ` = :date WHERE `id` = :user_id');
					$stmt -> bindValue(':date', $this->last_visit_time, PDO::PARAM_INT); 
					$stmt -> bindValue(':seskey', $seskey, PDO::PARAM_STR); 
					$stmt -> bindValue(':user_id', $user_id, PDO::PARAM_INT); 
					$stmt->execute(); 
					$_SESSION['last_active'] = time();
					$_SESSION['owner_ses'] = $seskey;
					$_SESSION['user_id'] = $user_id;
				}else{
				$display = 'Dane nie prawidłowe.';
				}
			}else{
				$display = 'Takie konto nie istnieje.';
			}
	  return $display;
	} 
 
	public function check($ost_activ)
	{
		if(!empty($_SESSION['user_id']) && !empty($_SESSION['owner_ses'])){
			$timeout = $this->timeout; 
			$owner_ses = md5($_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT']);
 
			if ((isset($_SESSION['last_active']) && $_SESSION['last_active']<(time()-$timeout))
				|| (isset($_SESSION['owner_ses']) && $_SESSION['owner_ses']!=$owner_ses))
			{
				setcookie(session_name(), '', time()-3600, '/');
				session_destroy();
				header('Location: index.html');
			}else{
				session_regenerate_id(); 
				$_SESSION['last_active'] = time();
				$_SESSION['owner_ses'] = $owner_ses;
				if($ost_activ < time()){
					$this->last_visit_time = time()+$this->timeout_active;
					$pdo = $this->pdo;
					$stmt = $pdo -> prepare('UPDATE `'.$this->prefix_mysql.users.'` SET `time_activ` = :date WHERE `id` = :user_id AND `session_key` = :seskey');
					$stmt -> bindValue(':date', $this->last_visit_time, PDO::PARAM_INT); 
					$stmt -> bindValue(':seskey', $owner_ses, PDO::PARAM_STR); 
					$stmt -> bindValue(':user_id', $_SESSION['user_id'], PDO::PARAM_INT); 
					$stmt->execute(); 		
				}
			}
		}
	}
}
 
$user_class = new user;
$user_class->pdo($pdo,$config['login_time'],$config['login_active_time'], $prefix_mysql);
 
$login = $user_class->login($_POST['email'], $_POST['password']);
 
 
?>
[PHP] pobierz, plaintext 

Jak jeszcze mogę zabezpieczyć logowanie? czy posiada jakieś błędy których nie zauważyłem? chciałbym być pewny przed wydaniem publicznie stronki.

mam nadzieje że to dobry dział, jak nie to przepraszam i prosze o poprawkę