I have been searching for months now and getting nowhere fast!!
I am at breaking point
All i need is a way that people can login to my site, and while browsing the site knows if you are logged in or not and if you are not because you visit a history link or something like it you are asked to login to view the pages.
has anyone got a script that i can use where i use the include() function this is the easiest way for me to learn the right way to use login sessions, i also want to use the cookies on users pc version but i do not want to store the email or user name, it need to be a md5 code like the time so that after the time expires that have to login again. i have heard that having the email and username in the cookie is not such a good idea.
thank you to anyone hwho can help in any way.
in need of a secure login script to include in my site
Moderator: General Moderators
-
jasonc310771
- Forum Newbie
- Posts: 2
- Joined: Sun May 21, 2006 8:52 am
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
Login scripts are one of the more common developed snippets in PHP. Where have you searched? Take a look at Hotscripts to see if they have something, unless someone around here gives you their code.
It is true that having the username or email in the cookie is a bad idea, having it in the Session is okay, since it is a file on your server, unless it is hijacked, but that is another security measure all together.
If you MD5 something, then it is impossible to get it back. I store something in the session so that I can at least know who the user is who is signed in.
If you MD5 something, then it is impossible to get it back. I store something in the session so that I can at least know who the user is who is signed in.
-
jasonc310771
- Forum Newbie
- Posts: 2
- Joined: Sun May 21, 2006 8:52 am
you could use the cookie to store the md5 code of lets say the time they logged in, and store this also in the database so when they visit other pages, the page checks to see if you are logged in by checking for a cookie and then checking the data in it with whats on the database?
would that work
means another field
username, email, md5 code
but that way they can not change the md5 code without knowing what it is that is in the md5 code!!
does anyone know of a script that just does a simple but secure login where i add one line to each page i want to protect. so if they are not logged in while visiting a page it shows them the login box to sign in first to view the page.
would that work
means another field
username, email, md5 code
but that way they can not change the md5 code without knowing what it is that is in the md5 code!!
does anyone know of a script that just does a simple but secure login where i add one line to each page i want to protect. so if they are not logged in while visiting a page it shows them the login box to sign in first to view the page.
santosj wrote:It is true that having the username or email in the cookie is a bad idea, having it in the Session is okay, since it is a file on your server, unless it is hijacked, but that is another security measure all together.
If you MD5 something, then it is impossible to get it back. I store something in the session so that I can at least know who the user is who is signed in.