Questions about creating accounts on a database

RandomEngy
Forum Contributor
Posts: 173
Joined: Wed Jun 26, 2002 3:24 pm

Post by RandomEngy »

Hey, everyone.

I apologize in advance if this has been covered already. I tried searching the forums, and looking on Google, but nothing insightful popped up.

I've been working on a website and decided to incorporate some MySQL/PHP goodness. I plan to make a place where users can update their personal info via HTML forms. The information is displayed by PHP for the public to access.

For this I'm thinking of making a "users" table with the following columns:
id, name, password, etc. When they log in, their submitted password is checked against the one in the database and entry is permitted or denied based on the comparison.

From here I'm uncertain. Do I change a variable to toggle if the user is logged in? How would I only give access to that user for modifying his info? How can I make sure that only that computer is able to get any data? Are PHP and MySQL the right tools for ensuring security here?

If someone could point me in the right direction, or direct me to a tutorial that might answer my questions, it would be most appreciated.
jason
Site Admin
Posts: 1767
Joined: Thu Apr 18, 2002 3:14 pm
Location: Montreal, CA

Post by jason »

Yup, you can do it in PHP. I would look into sessions in PHP, as that is what I think you are aiming for, controlling when a user is logged in. =)
RandomEngy
Forum Contributor
Posts: 173
Joined: Wed Jun 26, 2002 3:24 pm

Post by RandomEngy »

Thanks for pointing me in the right direction, jason. I've made some progress and actually made a session and can control logins now. Now the fun part comes: coding it!
9902468
Forum Commoner
Posts: 89
Joined: Thu Jun 06, 2002 6:39 am
Location: Europe

Post by 9902468 »

Always remember that it is nice to save passwords as hashes, so that you can't see (that easily anyway) what password the user is using. Surprisingly many people use one and the same password for every service they use! MySQL has a password() function if I remember correctly (Using LDAP now to authenticate...)
honkyinc
Forum Newbie
Posts: 19
Joined: Tue Jun 04, 2002 10:30 am
Location: Maryland, USA

Post by honkyinc »

I always store user passwords after running them through md5(). When you want to authenticate, just run the password they provide through md5() and then compare that to what you have in the DB. If they match, yay. If they don't, bah.

This also removes the temptation (yes, it can be there) to see what users pick for passwords. I know that a lot of people wouldn't look, but there are some that would, and it's better to remove all temptation before it's there, you know?
RandomEngy
Forum Contributor
Posts: 173
Joined: Wed Jun 26, 2002 3:24 pm

Post by RandomEngy »

Cool, I think I'll do that md5 thing. Although that will mean I can't use my webpage to edit entries, I guess I can just use phpMyAdmin or something to edit them. Thanks for the help.
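
The login flow this thread arrives at (a hash stored in the "users" table, compared at login, with the session deciding whose row may be edited), as an added example that is not part of the original posts. It uses PHP's password_hash() and password_verify() rather than a bare md5(), because a fast unsalted hash is cheap to brute-force once the table leaks. The function names, table layout, sample account, and the in-memory SQLite stand-in for MySQL are assumptions.

```php
<?php
// Added example: function names, table layout and sample account are assumptions.
// In-memory SQLite stands in for the MySQL "users" table so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, password_hash TEXT, info TEXT)');

// Registration: store only a salted, slow hash, never the password itself.
function create_user(PDO $db, string $name, string $password): int
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (name, password_hash, info) VALUES (?, ?, ?)');
    $stmt->execute([$name, $hash, '']);
    return (int) $db->lastInsertId();
}

// Login: fetch the stored hash and let password_verify() do the comparison.
// Returns the user's id on success, null on failure.
function check_login(PDO $db, string $name, string $password): ?int
{
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Editing: the row to update comes from the session, not from the form,
// so a logged-in user can only modify their own info.
function update_info(PDO $db, array $session, string $info): bool
{
    if (!isset($session['user_id'])) {
        return false; // not logged in
    }
    $stmt = $db->prepare('UPDATE users SET info = ? WHERE id = ?');
    return $stmt->execute([$info, $session['user_id']]);
}

// Constructed sample run. In a web request $session would be $_SESSION after
// session_start(), with session_regenerate_id(true) called on successful login.
$session = [];
create_user($db, 'alice', 'correct horse');
var_dump(check_login($db, 'alice', 'wrong guess'));
$id = check_login($db, 'alice', 'correct horse');
if ($id !== null) {
    $session['user_id'] = $id;
}
var_dump(update_info($db, $session, 'New public profile text'));
```

Changing a password from an edit form is another password_hash() call on the new value; the stored hash is never read back or displayed.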