php/mysql based secure user authentication?

ulala099
Forum Newbie
Posts: 9
Joined: Sat Jun 14, 2008 11:19 am

php/mysql based secure user authentication?

Post by ulala099 »

Hi,
I am a newbie here and in PHP as well. I need a secure php/mysql based user authentication system (not the basic ones). I googled a lot but found none suitable with all the securities like preventing sql-injection, well encrypted password, captcha etc.

Please suggest me some secure and reliable php/mysql based user authentication frameworks or systems. It would be better if that is opensource.

Thanks in advance.
BETA
Forum Commoner
Posts: 47
Joined: Fri Jul 25, 2008 3:21 am

Re: php/mysql based secure user authentication?

Post by BETA »

Well, if you are a PHP newbie I recommend you learn it well first... Then phpbb3 can give you a guide... you can take a look at its code and see how it works :)
hope it helps ;)
ulala099
Forum Newbie
Posts: 9
Joined: Sat Jun 14, 2008 11:19 am

Re: php/mysql based secure user authentication?

Post by ulala099 »

Hi,
Thanks a lot for your reply. I have understood the basic steps of login, session, logout etc. I have downloaded phpbb3, but it's huge.

Are you sure its security is better than any other standalone user authentication system?

Which parts exactly do I need to extract from phpbb3?

I was wondering how people work on the user authentication system. Do they all write their own system manually? Or do they use any proven and secure authentication system?

Please help me in this issue. Thanks a lot.
André D
Forum Commoner
Posts: 55
Joined: Thu Aug 28, 2008 7:03 pm

Re: php/mysql based secure user authentication?

Post by André D »

Developing a "secure" website involves more than just your login/authentication system. Whether writing your own system or assembling one with components taken from a code library, you should develop an understanding of the key concepts.

This might be a good place to start:
http://phpsec.org/projects/guide/
ulala099
Forum Newbie
Posts: 9
Joined: Sat Jun 14, 2008 11:19 am

Re: php/mysql based secure user authentication?

Post by ulala099 »

Thanks a lot for the security guide. That is really helpful to understand the security issues.

However I need any existing open source based user management system. Please advise me some open source user management system.

Thank you.
Stryks
Forum Regular
Posts: 746
Joined: Wed Jan 14, 2004 5:06 pm

Re: php/mysql based secure user authentication?

Post by Stryks »

There are a lot of authentication scripts floating around the place. Some good, some bad.

But I can't really recommend one to you because I can't recommend that you (or anyone really) use one. Unless you really 'understand' the concepts and coding for such an important part of your site, you're just saying "well, I'll just trust my site's security to someone who I know nothing about. Surely I can trust this person, even though I have no clue as to whether this person has any knowledge whatsoever about creating a secure environment".

I mean ... it's scary stuff. And a one-size-fits-all open source kit? I'm sure one exists, but I wouldn't use it purely because the more people who use it, the more people who'll be trying to break it. The more people trying, the more exploits found. And suddenly there are hundreds of people out there looking for out of date versions of the system they have a definite exploit for.

But you can find a good system out there. But here's the catch. You need to be able to KNOW how it's working ... what it's doing and how it's doing it ... in order to tell if it's the correct fit for you. And even then, if you understand what you're doing, and you find a nice piece of code, you're going to want to be familiar enough with it to jump in and make an emergency change at the drop of a hat. It's such a bad idea to have a 'black box' security system that I can't even express how bad an idea it is. ('black box' meaning that it's just a thing ... you don't know how it works, you're just told that it does)

Do your research. Find out the vulnerabilities and the methods used to mitigate these. Then you can start looking for pre-written code, though to be honest ... if you go that far you might as well write your own.

Also ...
André D wrote: Developing a "secure" website involves more than just your login/authentication system.
... Truer words have never been spoken.

Sorry to be so blunt.

Cheers 8)
ulala099
Forum Newbie
Posts: 9
Joined: Sat Jun 14, 2008 11:19 am

Re: php/mysql based secure user authentication?

Post by ulala099 »

Hi,
Thanks for your invaluable suggestion. I now understand why there is no standard of any user management system.

Can you at least refer me to some good (no need to be 100% secured) user management systems (from simple to complex) so that I can work on those and build my own? It will be really helpful.

Thanks.
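
Added example, not part of any post in this thread: a minimal sketch of the two mitigations named in the opening question, parameterized queries against SQL injection and salted one-way password hashing. The `users` table and the function names `register_user` and `verify_login` are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example; table and function names are hypothetical.
// SQLite in memory keeps the demo self-contained. For MySQL only the DSN
// changes, e.g. new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $u, $p).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE,
    password_hash TEXT NOT NULL)');

function register_user(PDO $db, string $username, string $password): void
{
    // Passwords are hashed (one-way, salted), not encrypted or stored in clear.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

function verify_login(PDO $db, string $username, string $password): ?int
{
    // Placeholders keep user input out of the SQL text; it is bound as data only.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a dummy hash for unknown users so both paths do similar work.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $ok = password_verify($password, $row ? $row['password_hash'] : $dummy);
    if (!$row || !$ok) {
        return null; // same result for "no such user" and "wrong password"
    }
    // Upgrade the stored hash when the default algorithm or cost changes.
    if (password_needs_rehash($row['password_hash'], PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET password_hash = ? WHERE id = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }
    return (int) $row['id'];
}

// Constructed sample data and inputs.
register_user($db, 'alice', 'correct horse battery staple');
var_dump(verify_login($db, 'alice', 'correct horse battery staple'));
var_dump(verify_login($db, 'alice', 'wrong'));
var_dump(verify_login($db, "alice' OR '1'='1", 'x')); // bound as a literal username
```

On a successful login the caller would normally call `session_regenerate_id(true)` before storing the returned id in `$_SESSION`.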