@AGISB
I came up with the same idea, just without using the ip_address, as it is easily possible to habe several users in the same IP range.
In the tutorials section I wanted to leave some comment on your code, but since this forum is restricted, I leave it here, perhaps you can modify you totorial, if you find this information valueable. I am going to refer myself to the last script in
this tutorial - Authentication Modul (HTTP Basic)
1.) In the
verify_user function I would recommend using md5 hash instead of using the mysql password() function
http://dev.mysql.com/doc/mysql/en/Appli ... d_use.html
The PASSWORD() function is used by the authentication system in MySQL Server, you should not use it in your own applications change to md5...
2.) On line 51 the query on TStamp column must be named time_stamp to run properly
3.) You could point out, what is necessary to get the script run, like leaving all the dashes in $just-a-name and $just-a-time names out. That sounds a little bit silly to mention this, but for my part I didn't knew that dashes are not allowed for naming.
4.) It was very good to mention, that the line
Code: Select all
<?php
session_set_cookie_params(0, '/', '.foo.com');
?>
helps passing subdomains, but if e.g. I want to pass the session from a page that is secured by the script to a non secured area, it does not work for me, I have to drop that line. (mhh wondering if my point here makes sense at all ?!)
5.) Maybe it would be fine if you could post a version of the final script with the log_failed_user($user) lines included and the simple added Logout discussed here.
Thx again for your good tutorial _yak