Hi,
I'm looking for a login/session class. I can come up with something myself, but surely there must be a robust, standard security class already out there?
I've been searching for quite some time - seems like there are a lot of do-it-yourself implementations, which aren't even escaping the user-submitted username / password variables! These seem to be popular... At the other end of the spectrum are full-blown frameworks, which are out of my scope as well.
Anyone have any recommendations? It seems like a login/session class should be stickied at the top of this forum, and can be improved over time by the community, and used by novices (like myself) as a decent base. Just an idea.
Thanks
Solid login/session class?
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: Solid login/session class?
For sessions, here you go: http://fi.php.net/manual/en/book.session.php
PHP's session system has been used on many websites for a long time. You can use it.
As for logins, there are millions of login scripts out there and, like you said, a vast part of them are vulnerable to different kinds of attacks. Besides, there are no ultimate login scripts. If you are looking for the basic features, you will probably find them in all login scripts, but anything unusual you have to code yourself.
Why would you not want to code a login system? It is not a big task in my opinion. Once you are finished, you can use us at DevNetwork to evaluate its security.