I am making a user login ability on a new CMS I have been designing with someone... we were wondering what the best way to have a user login would be? How would we encrypt something in PHP... we can store it in the database and read it back just fine but it's not secure having the password sent back to the browser unencrypted..... once the user is verified and logged in etc.. how do we keep him logged in... we can't just make every link say ?username=something&pass=something can we.... cookies would be good for this I guess but we have no experience whatsoever...
Any example code/tips or anything is greatly appreciated.
P.S. (unimportant) what's the PHP command to say the current page's filename? So we can say users online = 7, then list the page each one's on and say 2 are on this page etc....
Ya, I'd use sessions. You can set up the connection to be https - that would secure the connection. Also, you could store and transmit the passwords as md5 hashes, not the actual password.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Well, it really depends on the server setup. For most servers, however, it can be just as simple as putting the 's' in the URL rather than just plain 'http'. The 's' tells the client and server to use SSL to communicate.
OK, how would I use encryption on the database... should I make a PHP script to encrypt what they enter on signup, then on login encrypt that too, then compare the 2 encrypted strings? How do I encrypt something in PHP?
I assume you're talking about protecting the passwords? In the past, what I've done is hash the password upon user signup, then store that hashed password in the DB. Then, when a user logs in, I'd hash what they've typed and compare that with what's in the DB. That way, their password isn't stored. However, a secure connection is required in order to prevent plain-text transmission between the browser and the server.
What I used to do is just use $encrypted = md5($password). However, you can also use crypt(), which can allow you to use stronger encryption methods like DES and Blowfish.
Sessions are a very valuable part of PHP, and you should definitely learn them. When a session is started, a variable can be passed from one page to another in the $_SESSION array. So let's say in index.php, you wrote in a form to redirect to check.php which has a section that says
Do you have session_start() at the beginning of each page? That is a necessity for sessions that I left out. Without that, $_SESSION is just another variable.
I put the sessionstart thing in my header file (so every page gets it) and it says headers already sent, can't set session cache limit or something.... what do I do about this... also should I just send the username in the session ID or their password also?
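The hash-at-signup, compare-at-login flow and the session questions discussed above, as an added example that is not part of the original thread. It uses PHP's built-in password_hash() and password_verify() in place of md5(), assumes PHP 7.3 or later and an HTTPS site, and uses an in-memory array with hypothetical names in place of the database table.

```php
<?php
// Added example, not code from the thread. $users stands in for the
// database table; function and key names are hypothetical.

// Cookie flags must be set before the session starts. 'secure' keeps the
// session cookie off plain HTTP, 'httponly' hides it from page scripts.
session_set_cookie_params(['secure' => true, 'httponly' => true, 'samesite' => 'Lax']);

// session_start() must run before any output. A blank line or HTML ahead of
// the opening PHP tag in an included header file is output, and causes the
// "headers already sent" warning.
session_start();

$users = []; // username => ['id' => int, 'hash' => string]

function signup(array &$users, string $username, string $password): void
{
    // password_hash() generates a salt and uses a slow algorithm.
    // Only the resulting hash is stored, never the password.
    $users[$username] = [
        'id'   => count($users) + 1,
        'hash' => password_hash($password, PASSWORD_DEFAULT),
    ];
}

function login(array $users, string $username, string $password): bool
{
    $row = $users[$username] ?? null;
    // password_verify() re-hashes the input with the stored salt and
    // compares the result in constant time.
    if ($row === null || !password_verify($password, $row['hash'])) {
        return false;
    }
    session_regenerate_id(true);        // fresh session ID after authentication
    $_SESSION['user_id']  = $row['id']; // identity only; no password or hash
    $_SESSION['username'] = $username;
    return true;
}

// Constructed sample data. Results are printed last so that nothing is
// output before the session functions run.
signup($users, 'alice', 'correct horse battery staple');
$rejected = login($users, 'alice', 'wrong guess');
$accepted = login($users, 'alice', 'correct horse battery staple');
var_dump($rejected, $accepted, $_SESSION['username'] ?? null);
```

Later pages call session_start() and read $_SESSION['user_id'] to decide whether the visitor is logged in; the browser only ever holds the random session ID in its cookie.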