PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 
PostPosted: Thu Apr 05, 2012 7:27 pm 
Attachments:
login.tar.gz [12.07 KiB]


Last edited by califdon on Sat Apr 14, 2012 6:50 pm, edited 3 times in total.
I inadvertently failed to insert the body of the Tutorial. Corrected.
PostPosted: Fri Apr 06, 2012 1:23 am 
Some suggestions:

1. Although you talk about password hashes, you don't talk about password strength. It doesn't matter how reliable the data stored in your database is at preventing a hacker from finding out your users' passwords if they can be easily broken by a brute force attack (which presumably will start by using simple, common passwords). Perhaps it's worth adding in some suggestions about acceptable password syntax; length, characters, case, etc. You don't want to allow a password like "password" or "123".

2. This is a little more concise (from last code sample, re. session checking):

... !isset($_SESSION['user_id'], $_SESSION['signature'], $_SESSION['loggedIn']) ...


3. Perhaps it's best for your tutorial to be more forceful in its suggestion of prepared statements. Rather than giving examples using mysql_real_escape_string() it should probably give examples using PDO. Or at the very very least, use the mysqli extension. But PDO would be best as I'm sure there are many who don't use MySQL.
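
Suggestions 1 and 3 from the post above, sketched as an added example; it is not part of the thread or of the tutorial under review. The `users` table, the function names and the password policy (minimum length, deny list) are assumptions, and an in-memory SQLite database stands in for whichever backend PDO is pointed at.

```php
<?php
// Added example: names, schema and policy values below are assumptions.
// Only the DSN changes when moving to MySQL, PostgreSQL, etc.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');

// Constructed policy for illustration: minimum length plus a small deny list.
function passwordIsAcceptable(string $password): bool
{
    $denied = ['password', '123', '123456', 'qwerty'];
    return strlen($password) >= 10
        && !in_array(strtolower($password), $denied, true);
}

function register(PDO $pdo, string $username, string $password): bool
{
    if (!passwordIsAcceptable($password)) {
        return false;
    }
    $stmt = $pdo->prepare(
        'INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    return $stmt->execute([
        ':u' => $username,
        ':h' => password_hash($password, PASSWORD_DEFAULT),
    ]);
}

function login(PDO $pdo, string $username, string $password): ?int
{
    // The username is bound as data; it never becomes part of the SQL text,
    // so no escaping function is needed.
    $stmt = $pdo->prepare(
        'SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Constructed sample input.
var_dump(register($pdo, 'alice', 'password'));              // weak password
var_dump(register($pdo, 'alice', 'correct horse battery')); // acceptable password
var_dump(login($pdo, 'alice', 'correct horse battery'));    // matching credentials
var_dump(login($pdo, "alice' OR '1'='1", 'anything'));      // quotes treated as data
```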


PostPosted: Fri Apr 06, 2012 7:28 am 
session_is_registered()/session_register()/session_unregister() are deprecated in 5.3 and removed in 5.4


PostPosted: Fri Apr 06, 2012 5:26 pm 
PostPosted: Sat Apr 07, 2012 1:56 am 