Feedback requested: Site Security Function (preventing session hijacking)

Hello experienced developers. I am breaking into the freelance web developer scene and my company was hired by our first big client. I found it necessary to start early and secure my sites from the get-go. After reading much on the subject of PHP security I came up with a specialized function that probably needs some tweaking to become completely portable, but still helps secure the site (from a session hijacking perspective). This function is set to execute every time a controller is accessed on the site. I was wondering if I could get some feedback on its efficiency. Is it overkill? Is it impractical? Is it not enough? Any feedback is appreciated.

I have replaced some specifics with arbitrary values to protect my client’s data.


function checksess() {
	
	/*
	 * session_start() is implied and required!
	 *
	 * $_SESSION['pword'] is sha1 encrypted version of pw upon login to match sha1 encrypted pw in database
	 */

	$e = '';
	include $_SERVER['DOCUMENT_ROOT'].'dbconnection.php'; //arbitrary
	
	$result = mysql_query("SELECT Email FROM table WHERE Name='".mysql_real_escape_string($_SESSION['name'])."' AND Password='".mysql_real_escape_string($_SESSION['pword'])."'") or die("error with query");    //arbitrary field/table names
	
	if (mysql_num_rows($result) == 0) $e .= "User validation failed! ";
	$row = mysql_fetch_assoc($result);
	
	//these session vars are set upon successful login
	if ($_SESSION['ip'] != sha1($_SERVER['REMOTE_ADDR'])) $e .= "IP mismatch. Please login again. ";
	
	if ($_SESSION['ua'] != sha1($_SERVER['HTTP_USER_AGENT'])) $e .= "You must use the same browser for your entire experience. Please login again. ";
	
	if ($_SESSION['token'] != sha1($row['Email'])) $e .= "Personal data mismatch.  Please login again. ";
	
	mysql_close($link);
	
	//check for error message.  if non empty, exit;
	if (empty($e)) {
	
		session_regenerate_id();
		return true;
	
	} else {
		
		killsess();   //function written that unsets $_SESSION and destroys session data
		exit($e);
	
	}
	
	
}
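
The same per-request check written against current PHP APIs, as an added example that is not part of the original post: PDO prepared statements replace the mysql_* calls (that extension was removed in PHP 7.0), the session holds a user id instead of the password hash, and digests are compared with hash_equals(). The names session_is_valid() and enforce_session(), the `users` table with `id` and `email` columns, and the SHA-256 session values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example; hypothetical names: session_is_valid(), enforce_session(),
// table `users` with columns `id` and `email`.
// Assumes session_start() has run and that login stored user_id plus
// SHA-256 hex digests of the client IP, User-Agent and e-mail in $_SESSION.

function session_is_valid(array $session, array $server, ?string $email): bool
{
    if ($email === null || !isset($session['user_id'])) {
        return false;                       // no such user, or never logged in
    }
    $expected = [
        'ip'    => hash('sha256', (string) ($server['REMOTE_ADDR'] ?? '')),
        'ua'    => hash('sha256', (string) ($server['HTTP_USER_AGENT'] ?? '')),
        'token' => hash('sha256', $email),
    ];
    foreach ($expected as $key => $digest) {
        $stored = $session[$key] ?? null;
        // hash_equals() is a constant-time string comparison
        if (!is_string($stored) || !hash_equals($digest, $stored)) {
            return false;
        }
    }
    return true;
}

function enforce_session(PDO $pdo): void
{
    // Prepared statement: the session value is bound, never concatenated
    $stmt = $pdo->prepare('SELECT email FROM users WHERE id = ?');
    $stmt->execute([$_SESSION['user_id'] ?? 0]);
    $email = $stmt->fetchColumn();

    if (!session_is_valid($_SESSION, $_SERVER, $email === false ? null : (string) $email)) {
        $_SESSION = [];
        session_destroy();
        http_response_code(401);
        exit('Please log in again.');       // one message for every failure
    }
    session_regenerate_id(true);            // true deletes the old session data
}

// Constructed sample data, exercised only from the command line
if (PHP_SAPI === 'cli') {
    $server  = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_USER_AGENT' => 'ExampleBrowser/1.0'];
    $session = ['user_id' => 1, 'ip' => hash('sha256', '203.0.113.7'),
                'ua' => hash('sha256', 'ExampleBrowser/1.0'), 'token' => hash('sha256', 'a@example.test')];
    var_dump(session_is_valid($session, $server, 'a@example.test'));
    var_dump(session_is_valid($session, ['REMOTE_ADDR' => '198.51.100.9'] + $server, 'a@example.test'));
}
```

The second var_dump() call models a client whose address changed mid-session, which the IP binding treats the same as a hijacked session.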