Board index   FAQ   Search  
Register  Login
Board index php forum :: php coding PHP coding => General

Hi to you all!

Ask about general coding issues or problems here.

Moderators: macek, egami, gesf

Hi to you all!

Postby Taff » Wed Feb 05, 2003 4:46 am

Hi,
Got a little PHP problem and thought this could be just the place to get an answer. :D
I made a simple password Authentication in a normal html form going on to a php doc. NP's there.
However, I've seen some of those nifty little "Login Windows" slightly resembling an alert message.
Wot are they used for? And would they possibly suit my needs (i.e. accessing a restricted web-site)?
I tried searching for authentication & access and the like but its hard to find something when you are not sure wot it is you are lookin for.
Any help would be greatly appreciated.
Cheers,
Taff
Taff
New php-forum User
New php-forum User
 
Posts: 5
Joined: Wed Feb 05, 2003 4:29 am
Location: Hameln(Pied Piper), Germany

Postby Hadleigh » Wed Feb 05, 2003 7:26 am

Hi,

I'm guessing that Your referrring to Javascript prompt boxes. These can be good but I think that the data that is sent on from them is by the GET method (I'm not sure about this but if true there would be a security hole).

If you want to do a really simple one try this:

http://javascript.internet.com/passwords/prompt.html

It's very crude but works as long as the site is not supposed to be VERY secure.

If you really do need to bear in mind security you could research the following:

session cookies

Post the form to a password checking script > if correct set a sess_id and store it in a db > at the top of each subsequent page check that the session id is in the table and if its not chuck the person out.

A further measure may be to ensure also that the user has clicked somewhere in 10 mins and make their login expire if they have not.

Using this you can stop people entering your site without logging in (if they have bookmarked a page).

Hope this helps,

Hadleigh.
Hadleigh
New php-forum User
New php-forum User
 
Posts: 32
Joined: Tue Feb 04, 2003 10:32 am
Location: UK

Postby Taff » Wed Feb 05, 2003 9:08 am

Thx,
If you really do need to bear in mind security you could research the following:
session cookies
Post the form to a password checking script > if correct set a sess_id and store it in a db > at the top of each subsequent page check that the session id is in the table and if its not chuck the person out.
A further measure may be to ensure also that the user has clicked somewhere in 10 mins and make their login expire if they have not.


There is some pretty useful stuff there! The last one i made, the user had to log in on every site which gets a bit tedious after 3 or 4. I'll look into the session cookies.

I didnt actually mean the JS prompt window, i think there is another one that comes into play when you try to enter a secure area.
I tried looking for an example, but you know how it is when you need one.....
Anyway thx for your swift reply, it proved very helpful :D

Cheers,
Taff
Taff
New php-forum User
New php-forum User
 
Posts: 5
Joined: Wed Feb 05, 2003 4:29 am
Location: Hameln(Pied Piper), Germany

Postby Hadleigh » Wed Feb 05, 2003 9:27 am

No probs,

You may then be thinking of .htaccess files. These sit in the root of your account and will require someone to enter a username and password to access a particluar folder (say poublic_html). I can't actually find one on our web server to show you I'm afraid but there'll be plenty of help out there.

Also, you might like to research getting a certificated secure server through someone like Thwart (can be expensive).

cheers,

Hadleigh.
Hadleigh
New php-forum User
New php-forum User
 
Posts: 32
Joined: Tue Feb 04, 2003 10:32 am
Location: UK

Postby Taff » Thu Feb 06, 2003 12:00 am

Thanks again,
I'll look into it, although i think i'll stick to a simple html access for the time being, its nothing confidential really, just makes the customer feel important when i give him a password and login :D
Cheers,
Taff
Taff
New php-forum User
New php-forum User
 
Posts: 5
Joined: Wed Feb 05, 2003 4:29 am
Location: Hameln(Pied Piper), Germany


Return to PHP coding => General

Who is online

Users browsing this forum: Bing [Bot] and 1 guest

Sponsored by Sitebuilder Web hosting and Traduzioni Italiano Rumeno and antispam for cPanel.