Secure login

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
terji
Forum Commoner
Posts: 37
Joined: Tue May 14, 2002 5:27 pm
Location: Denmark

Secure login

Post by terji »

How does one SAFELY secure the administration part with a username and password?

I have a site where usernames and passwords are stored in a MySql database and I'm looking for the "best" way to secure the pages that only the siteusers should have access to.
laserlight
Forum Commoner
Posts: 28
Joined: Wed Jan 01, 2003 6:41 am

Post by laserlight »

"Best" would depend on your definition.
You could have one that used SSL and the like, or a simple cookie based one with no encryption or hashing.
Would also depend on whether you just intend to use it for some personal website or if security is really an issue.
terji
Forum Commoner
Posts: 37
Joined: Tue May 14, 2002 5:27 pm
Location: Denmark

The site a...

Post by terji »

The site I'm making is just a "educational" site for guitar freaks. I'm making a community which allows them to exchange tips and music sheets.

Therefor using SSL is a bit extreme, but to me personally the security of the community members profile data is a must!

I'm not specially happy with cookies, so that leaves me with the option to create a file that checks for logon and include it in every php file that is a part of the administration(how should this file be done?).
This seems to me to be a good idea, but if there are other solutions I would be glad to hear them.
User avatar
Skywalker
Forum Contributor
Posts: 117
Joined: Thu Aug 29, 2002 3:33 am
Location: The Netherlands

Post by Skywalker »

when you are making an new account for some one make sure you encrypt it, because when somebody can enter the database he will have all the logins and passwords. so make sure you use MD5 to encrypt.

The password will be the same, but in the database it generates a strange string that is not the same as the password.

Look for more information on php.net/md5
User avatar
Elmseeker
Forum Contributor
Posts: 132
Joined: Sun Dec 22, 2002 5:48 am
Location: Worcester, MA

Post by Elmseeker »

I would have to agree with walker, the md5 hash is pretty decent and seems to do a good job. I use md5 on my site and I believe these boards use it also...It's not as secure as SSL or something like that but for a basic security scheme it should do just fine.
Post Reply