Advice on secure login

Postby nathanmm88 » Wed Sep 14, 2011 7:37 am

I'm planning a project that I want to implement using PHP and MySQL. I have been searching the net for the best way to do this, and I was just wondering if this would be safe:

The user enters the username and password.

The username is hashed using sha1,

and the password is hashed with a salt added.

If entered correctly, they should be equal to what is stored on the database,

so if the number of rows returned is equal to '1',

create a couple of session variables:

1. password - the hashed password
2. username - the hashed username

And on every page that needs to be protected, have a check using the session variables and only allow if the number of rows is = '1', otherwise redirect and exit.

Would this be a safe technique, or can someone spot how this can be exploited?

Sorry if the example is long-winded.

Any help would be great.

Re: Advice on secure login

Postby egami » Thu Sep 15, 2011 4:20 am

Should *NEVER* make a password a session variable.
If anything, a user ID, user access code, username and any groups they belong to.
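
The reply's advice as an added example, not code from either poster: the login check keeps only a user ID and username in the session, and protected pages test for that ID instead of re-checking a stored password hash. It assumes a `users` table with `id`, `username` and `password_hash` columns, uses PHP's built-in `password_hash()`/`password_verify()` for the salted hash, and treats `/login.php` and the in-memory SQLite database as placeholders for the demo.

```php
<?php
// Added example; table, column and URL names are assumptions, not from the thread.

function login(PDO $db, string $username, string $password): bool
{
    // Look the account up by username with a prepared statement.
    $stmt = $db->prepare('SELECT id, username, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() re-derives the salted hash and compares it safely.
    if ($user === false || !password_verify($password, $user['password_hash'])) {
        return false;
    }

    session_regenerate_id(true);   // fresh session ID once the user is authenticated
    $_SESSION['user_id']  = (int) $user['id'];
    $_SESSION['username'] = $user['username'];
    return true;                   // neither the password nor its hash enters the session
}

function require_login(): int
{
    // Protected pages only check for the user ID set by login().
    if (empty($_SESSION['user_id'])) {
        header('Location: /login.php');   // hypothetical login page
        exit;
    }
    return $_SESSION['user_id'];
}

// Constructed demo: in-memory SQLite stands in for the MySQL database.
session_start();
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$results = [
    'wrong password accepted' => login($db, 'alice', 'wrong'),
    'right password accepted' => login($db, 'alice', 'correct horse'),
    'logged-in user id'       => require_login(),
];
$results['session keys'] = array_keys($_SESSION);
print_r($results);
```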
