secure login

Links for php scripts

Moderators: egami, macek, gesf

Post Reply
User avatar
Alexej Kubarev
Site Admin
Site Admin
Posts: 2213
Joined: Fri Mar 05, 2004 7:15 am
Location: Täby, Stockholms län
Contact:

Sun Mar 20, 2005 6:50 am

well... simply save the id in a session or something..plus add fingerprints and validity dates... then each information is accessible by checking the user id from the session, plus session validity date and you can even check fingerprints... if user is not logged in -- show error..
Best Regards,
Alexej Kubarev
-------------------------------
Zend Certified Engineer
Image Image

User avatar
Alexej Kubarev
Site Admin
Site Admin
Posts: 2213
Joined: Fri Mar 05, 2004 7:15 am
Location: Täby, Stockholms län
Contact:

Sun Mar 20, 2005 1:33 pm

user posts a data through a login form: you verify it
if everything is okej -- save user id from the database to a session..
then on every page that is different or will require a user to be loged in you retrieve that user id from the session and generate a data based on that id..

for more security you may use fingerprints generated by a custom function..
Best Regards,
Alexej Kubarev
-------------------------------
Zend Certified Engineer
Image Image

User avatar
Alexej Kubarev
Site Admin
Site Admin
Posts: 2213
Joined: Fri Mar 05, 2004 7:15 am
Location: Täby, Stockholms län
Contact:

Mon Mar 21, 2005 3:36 pm

how much simpler could it be?

You create a form that posts data to some page..login.php for instance..

on that page you check the $_POST variables agains the data in your database.. if you find a username and a pasword in some record matching the posted one --- assign user id to a session ($_SESSION varible array)

Then on every page that has to be unique or user has to be loged in you simply check the $_SESSION['userid'] (if thats the one that stores user id) and use it for quering the database to be able to create a unique page.. thats all :)

How much simpler could it be?

In case you cant simply think logical -- try drawing some logick-schemes and logic-trees.. that might help... in case that doesnt help -- i suggest you first practice on doing that.. BEFORE you start programming.. and get some tutorial as well..
Best Regards,
Alexej Kubarev
-------------------------------
Zend Certified Engineer
Image Image

User avatar
Alexej Kubarev
Site Admin
Site Admin
Posts: 2213
Joined: Fri Mar 05, 2004 7:15 am
Location: Täby, Stockholms län
Contact:

Tue Mar 22, 2005 1:07 pm

well.. actually the only tutorial that you might need is PHP.net manual...

http://www.devshed.com/c/a/PHP/Creating ... in-Script/

might give you some ideas how to do it... but still think logicaly and you will be able to do it... ask more exakt questions and we will be happy to help on that matter...

Note, that it's no point in asking how to build a login system as i've already told you about the whole procedure... if there is something unclear: ask..
Best Regards,
Alexej Kubarev
-------------------------------
Zend Certified Engineer
Image Image

User avatar
Virtuoso
php-forum Active User
php-forum Active User
Posts: 267
Joined: Mon Jul 21, 2003 7:05 am
Contact:

Tue Mar 22, 2005 3:57 pm

When you learn how to create a login and what cookies are:

just give them a cookie with their username and password, and check to see that they both always match, and if they don't, give them a "guest" cookie.

User avatar
Alexej Kubarev
Site Admin
Site Admin
Posts: 2213
Joined: Fri Mar 05, 2004 7:15 am
Location: Täby, Stockholms län
Contact:

Tue Mar 22, 2005 4:06 pm

bad idea...
try not to use only cookies..

plus never store password in session or cookie... even hashed pass..
Best Regards,
Alexej Kubarev
-------------------------------
Zend Certified Engineer
Image Image

User avatar
WiZARD
Moderator
Moderator
Posts: 1240
Joined: Thu Jun 20, 2002 10:14 pm
Location: Ukraine, Crimea, Simferopol
Contact:

Fri Mar 25, 2005 6:25 am

Virtuoso wrote:When you learn how to create a login and what cookies are:

just give them a cookie with their username and password, and check to see that they both always match, and if they don't, give them a "guest" cookie.

in cookie save just encoding session id but session and all data save in DB
"Sex,Drugs and Rock&Roll " replaced at "Sucks,Bugs and Plug&Play";
Image

Post Reply