Hey, everyone.
I apologize in advance if this has been covered already. I tried searching the forums, and looking on Google, but nothing insightful popped up.
I've been working on a website and decided to incorporate some MySQL/PHP goodness. I plan to make a place where users can update their personal info via HTML forms. The information is displayed by PHP for the public to access.
For this I'm thinking of making a "users" table with the following columns:
id, name, password, etc. When they log in, their submitted password is checked against the one in the database and entry is permitted or denied based on the comparison.
From here I'm uncertain. Do I change a variable to toggle if the user is logged in? How would I only give access to that user for modifying his info? How can I make sure that only that computer is able to get any data? Are PHP and MySQL the right tools for ensuring security here?
If someone could point me in the right direction, or direct me to a tutorial that might answer my questions, it would be most appreciated.
Questions about creating accounts on a database
Moderator: General Moderators
- RandomEngy
- Forum Contributor
- Posts: 173
- Joined: Wed Jun 26, 2002 3:24 pm
- Contact:
Always remember that it is nice to save passwords as hashes, so that you can't see (that easily anyway) what password the user is using. Surprisingly many people use one and the same password for every service they use! MySQL has a password() function if I remember correctly (Using LDAP now to authenticate...)
I always store user passwords after running them through md5(). When you want to authenticate, just run the password they provide through md5() and then compare that to what you have in the DB. If they match, yay. If they don't, bah.
This also removes the temptation (yes, it can be there), to see what users pick for passwords. I know that a lot of people wouldn't look, but there are some that would, and it's better to remove all temptation before it's there, you know?
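The flow discussed in this thread (hash the password at signup, compare at login, then let only the logged-in user edit their own row), as an added example that is not from any of the posters. It uses PHP's password_hash()/password_verify(), which salt and slow the hash, in place of a bare md5(); the table layout, the function names and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed schema; SQLite in memory stands in for the MySQL "users" table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, password TEXT, info TEXT)');

// Signup: store only a salted, deliberately slow hash, never the password itself.
function register(PDO $db, string $name, string $password): void {
    $stmt = $db->prepare('INSERT INTO users (name, password, info) VALUES (?, ?, ?)');
    $stmt->execute([$name, password_hash($password, PASSWORD_DEFAULT), '']);
}

// Login: returns the user's id on success, null on unknown user or wrong password.
function login(PDO $db, string $name, string $password): ?int {
    $stmt = $db->prepare('SELECT id, password FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return (int) $row['id'];
}

// Update: the row is selected by the id saved server-side at login,
// never by an id taken from the submitted form.
function updateInfo(PDO $db, array $session, string $info): bool {
    if (!isset($session['user_id'])) {
        return false; // not logged in
    }
    $stmt = $db->prepare('UPDATE users SET info = ? WHERE id = ?');
    $stmt->execute([$info, $session['user_id']]);
    return $stmt->rowCount() === 1;
}

// Constructed sample users and requests.
register($db, 'alice', 'correct horse');
register($db, 'bob', 'battery staple');

$session = []; // on a real page: session_start(), then use $_SESSION
var_dump(updateInfo($db, $session, 'defaced'));   // rejected: nobody is logged in
var_dump(login($db, 'alice', 'wrong guess'));     // rejected: hash does not match

$id = login($db, 'alice', 'correct horse');
if ($id !== null) {
    $session['user_id'] = $id; // on a real page, call session_regenerate_id(true) first
}
var_dump(updateInfo($db, $session, 'Hello from Alice')); // only alice's row changes
```

The "logged in" flag the first post asks about is the user id kept in the server-side session; the browser only holds the session cookie, so it cannot choose which row gets edited.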