User Authentification System Guidelines

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Post Reply
spartan7
Forum Commoner
Posts: 29
Joined: Sun Jun 19, 2005 12:09 am

User Authentification System Guidelines

Post by spartan7 »

Hi there.

I have been asked by a client to develop a user authentification system. Where a user can login and edit their details and submit it. However, he wants the users of the system to be able to login to the site from a URL he emails them and not have to go through the process of entering a login and password atall. But it still must be secure.

Is there any way of securely sending the username/password in the URL inorder to access the admin section or concept of doing something similar?

Thanks
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Post by josh »

instead of sending the actual username and admin in the email send a token
spartan7
Forum Commoner
Posts: 29
Joined: Sun Jun 19, 2005 12:09 am

What do you mean by token?

Post by spartan7 »

Thanks
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

There's no way to guarantee that the URL can't be sent by a third party. Tell your client he's out to lunch. You can make that token as complex as possible, but Joe Script Kiddie will still be able to copy and paste it into his browser.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Post Reply