Board index   FAQ   Search  
Register  Login
Board index PHP PHP Scripts

secure login

Links for php scripts

Moderators: macek, egami, gesf

secure login

Postby dadada » Sat Mar 19, 2005 10:50 pm

am currently designing a website where you need to enter a user name and password. after each user logs in they goto their own individual unique information area.

could someone lead me in the right direction.

thanx in advance
dadada
New php-forum User
New php-forum User
 
Posts: 4
Joined: Sat Mar 19, 2005 10:48 pm

Postby Alexej Kubarev » Sun Mar 20, 2005 6:50 am

well... simply save the id in a session or something..plus add fingerprints and validity dates... then each information is accessible by checking the user id from the session, plus session validity date and you can even check fingerprints... if user is not logged in -- show error..
User avatar
Alexej Kubarev
Site Admin
Site Admin
 
Posts: 2223
Joined: Fri Mar 05, 2004 7:15 am
Location: Täby, Stockholms län

Postby dadada » Sun Mar 20, 2005 9:53 am

I am a beginner in php could you break that down to a simpler compound

thanx
dadada
New php-forum User
New php-forum User
 
Posts: 4
Joined: Sat Mar 19, 2005 10:48 pm

Postby Alexej Kubarev » Sun Mar 20, 2005 1:33 pm

user posts a data through a login form: you verify it
if everything is okej -- save user id from the database to a session..
then on every page that is different or will require a user to be loged in you retrieve that user id from the session and generate a data based on that id..

for more security you may use fingerprints generated by a custom function..
User avatar
Alexej Kubarev
Site Admin
Site Admin
 
Posts: 2223
Joined: Fri Mar 05, 2004 7:15 am
Location: Täby, Stockholms län

Postby dadada » Mon Mar 21, 2005 2:00 pm

could you break it down a little for me please

thanx
dadada
New php-forum User
New php-forum User
 
Posts: 4
Joined: Sat Mar 19, 2005 10:48 pm

Postby Alexej Kubarev » Mon Mar 21, 2005 3:36 pm

how much simpler could it be?

You create a form that posts data to some page..login.php for instance..

on that page you check the $_POST variables agains the data in your database.. if you find a username and a pasword in some record matching the posted one --- assign user id to a session ($_SESSION varible array)

Then on every page that has to be unique or user has to be loged in you simply check the $_SESSION['userid'] (if thats the one that stores user id) and use it for quering the database to be able to create a unique page.. thats all :)

How much simpler could it be?

In case you cant simply think logical -- try drawing some logick-schemes and logic-trees.. that might help... in case that doesnt help -- i suggest you first practice on doing that.. BEFORE you start programming.. and get some tutorial as well..
User avatar
Alexej Kubarev
Site Admin
Site Admin
 
Posts: 2223
Joined: Fri Mar 05, 2004 7:15 am
Location: Täby, Stockholms län

Postby dadada » Tue Mar 22, 2005 12:19 pm

Could you reccommend some good tutorials on this subject.
thanx
dadada
New php-forum User
New php-forum User
 
Posts: 4
Joined: Sat Mar 19, 2005 10:48 pm

Postby Alexej Kubarev » Tue Mar 22, 2005 1:07 pm

well.. actually the only tutorial that you might need is PHP.net manual...

http://www.devshed.com/c/a/PHP/Creating ... in-Script/

might give you some ideas how to do it... but still think logicaly and you will be able to do it... ask more exakt questions and we will be happy to help on that matter...

Note, that it's no point in asking how to build a login system as i've already told you about the whole procedure... if there is something unclear: ask..
User avatar
Alexej Kubarev
Site Admin
Site Admin
 
Posts: 2223
Joined: Fri Mar 05, 2004 7:15 am
Location: Täby, Stockholms län

Postby Virtuoso » Tue Mar 22, 2005 3:57 pm

When you learn how to create a login and what cookies are:

just give them a cookie with their username and password, and check to see that they both always match, and if they don't, give them a "guest" cookie.
User avatar
Virtuoso
php-forum Active User
php-forum Active User
 
Posts: 268
Joined: Mon Jul 21, 2003 7:05 am

Postby Alexej Kubarev » Tue Mar 22, 2005 4:06 pm

bad idea...
try not to use only cookies..

plus never store password in session or cookie... even hashed pass..
User avatar
Alexej Kubarev
Site Admin
Site Admin
 
Posts: 2223
Joined: Fri Mar 05, 2004 7:15 am
Location: Täby, Stockholms län

Postby WiZARD » Fri Mar 25, 2005 6:25 am

Virtuoso wrote:When you learn how to create a login and what cookies are:

just give them a cookie with their username and password, and check to see that they both always match, and if they don't, give them a "guest" cookie.

in cookie save just encoding session id but session and all data save in DB
User avatar
WiZARD
Moderator
Moderator
 
Posts: 1257
Joined: Thu Jun 20, 2002 10:14 pm
Location: Ukraine, Crimea, Simferopol


Return to PHP Scripts

Who is online

Users browsing this forum: TurnitinBot [Bot] and 1 guest

Sponsored by Sitebuilder Web hosting and Traduzioni Italiano Rumeno and antispam for cPanel.