Solid login/session class?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

markww
Forum Newbie
Posts: 3
Joined: Fri Feb 13, 2009 10:11 am

Solid login/session class?

Post by markww »

Hi,

I'm looking for a login/session class. I can come up with something myself, but surely there must be a robust, standard security class already out there?

I've been searching for quite some time - seems like there are a lot of do-it-yourself implementations, which aren't even escaping the user-submitted username / password variables! These seem to be popular... At the other end of the spectrum are full-blown frameworks, which are out of my scope as well.

Anyone have any recommendations? It seems like a login/session class should be stickied at the top of this forum, and can be improved over time by the community, and used by novices (like myself) as a decent base, just an idea,

Thanks
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Solid login/session class?

Post by kaisellgren »

For sessions, here you go: http://fi.php.net/manual/en/book.session.php

PHP's session system has been used on many websites for a long time. You can use it.

As for logins, there are millions of login scripts out there and, like you said, a vast part of them are vulnerable to different kinds of attacks. Besides, there are no ultimate login scripts. If you are looking for the basic features, you will probably find them in all login scripts, but anything unusual you have to code yourself.

Why would you not want to code a login system? It is not a big task in my opinion. Once you are finished, you can use us at DevNetwork to evaluate its security. ;)
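
An added example, not code from either poster: a minimal login check built on PHP's native session functions, with the username bound as a query parameter instead of being escaped by hand. The `users` table, the `attempt_login` function and the sample account are assumptions made for the demo; it needs PHP 7.4+ with the PDO SQLite driver.

```php
<?php
declare(strict_types=1);

// Hypothetical schema and function name; the account below is constructed for the demo.
function attempt_login(PDO $db, string $username, string $password): bool
{
    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a dummy hash for unknown users so both paths do similar work.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $hash = $row ? $row['password_hash'] : $dummy;
    if (!password_verify($password, $hash) || !$row) {
        return false;
    }

    // Issue a fresh session id on login and delete the old one (session fixation).
    session_regenerate_id(true);
    $_SESSION['user_id'] = (int) $row['id'];
    return true;
}

// In-memory SQLite database with one constructed account.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

session_start([
    'cookie_httponly' => true,   // cookie not readable from JavaScript
    'cookie_secure'   => true,   // assumes the site is served over HTTPS
    'cookie_samesite' => 'Lax',
    'use_strict_mode' => true,   // reject session ids the server did not issue
]);

// Collect results first: output before session_regenerate_id() would block it.
$results = [
    'username containing a quote' => attempt_login($db, "o'brien", 'anything'),
    'wrong password'              => attempt_login($db, 'alice', 'wrong'),
    'correct credentials'         => attempt_login($db, 'alice', 'correct horse'),
];
var_dump($results, $_SESSION);
```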