I've been working with PHP for a long time, many times with quite advanced stuff, but I never needed, or got the chance or the time, to implement a more complex and secure authentication method, for a site's private section for example. What I used until now was something like this (the main idea, not the actual implementation):
- I kept the username and the password in a MySQL database (the password hashed)
- I verified the authentication like this (some parts are not real code, only the idea, but that's what I'm looking for, the main idea)
Code:
$auth = false;
// Placeholders for the database lookups (not real code, only the idea)
$u = get_user_from_database();
$p = get_password_from_database();
if( isset($_POST['username']) && isset($_POST['password']) )
{
    // corrected: was incorrectly written as MD5(MD5(MD5(htmlentities(trim($_POST['username']))))) before
    if( $u == htmlentities(trim($_POST['username'])) && $p == MD5(MD5(MD5(htmlentities(trim($_POST['password']))))) )
    {
        $auth = true;
        $_SESSION['mysite_username'] = $u;
        $_SESSION['mysite_password'] = $p;
    }
}
else if( isset($_SESSION['mysite_username']) && isset($_SESSION['mysite_password']) )
{
    if( $u == $_SESSION['mysite_username'] && $p == $_SESSION['mysite_password'] )
        $auth = true;
}
if($auth)
{
    //the page content
}

So... can you give me a piece of advice? Or some links? Or anything that can help. You can hit me with some more advanced stuff too. I will understand.
Thank you very much!
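
An added example, not part of the original post: the same login flow in hardened form, using PHP's built-in password_hash()/password_verify() instead of nested MD5 and keeping only the username in the session. The $users array stands in for the MySQL table, the account and password are constructed sample values, and check_login() and current_user() are hypothetical helper names.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the MySQL users table: username => stored hash.
// password_hash() salts every hash and is deliberately slow, unlike MD5(MD5(MD5())).
$users = ['alice' => password_hash('correct horse battery', PASSWORD_DEFAULT)];
// Verified against when the username is unknown, so both paths do equal work.
$dummyHash = password_hash('dummy', PASSWORD_DEFAULT);

function check_login(array $users, string $dummyHash, string $username, string $password): bool
{
    // The raw password is verified; htmlentities() belongs on HTML output, not here.
    $hash = $users[$username] ?? null;
    $ok = password_verify($password, $hash ?? $dummyHash);
    return $hash !== null && $ok;
}

function current_user(array $users): ?string
{
    // The session holds only the username; the password hash never leaves the store.
    $u = $_SESSION['mysite_username'] ?? null;
    return (is_string($u) && isset($users[$u])) ? $u : null;
}

// Session cookie hidden from JavaScript and sent over HTTPS only (needs PHP 7.3+).
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
session_start();

$name = $_POST['username'] ?? null;
$pass = $_POST['password'] ?? null;
if (is_string($name) && is_string($pass) && check_login($users, $dummyHash, trim($name), $pass)) {
    // Issue a fresh session id at login so a pre-login id cannot be reused (session fixation).
    session_regenerate_id(true);
    $_SESSION['mysite_username'] = trim($name);
}

$user = current_user($users);
if ($user !== null) {
    echo 'Hello, ', htmlspecialchars($user, ENT_QUOTES, 'UTF-8'); // the page content
} else {
    http_response_code(401);
    echo 'Please log in.';
}
```

With 'secure' => true the session cookie is only returned over HTTPS, so on a plain-HTTP test server the login will not persist between requests.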
