On Monday 11 April 2005 10:48, Adam Hubscher wrote:

There seem to be 2 issues here:

> In an attempt to provide the best way to limit the # of accounts per
> person, I assumed that this could be accomplished by placing a dummy
> value only used by the site itself that is the username/encoded
> password for them on the community, and test if... when searched for in
> the database, a result set of x is discovered, then they are unable to
> create another account.

1) You want to prevent people from creating multiple accounts. Basically there is really nothing concrete that you can do to prevent that short of making them pay an extortionate amount of money before they can create a new account.

> Problem: I would like to possibly utilize a login system (created on
> the remote server), that would then check their username and password
> against the CMS database located there, then redirect with that
> information (encrypted of course), to the local site where the
> information gets stored in a session. Then when they go to create a new
> account, it stores the extra verified information into the database.
>
> However, the issue at hand here is, I'm not sure how secure it would be
> if I were to say, create a secure login form, verify the data... and
> then create another pseudo form that directs the person to the
> local-based site using hidden post variables (this is my original
> thought on the subject).

2) You want to check the credentials of a user/password against a remote database. One way to do it pretty securely without having to actually log in to the remote database is to set up something like this:

Remote database server, on this machine set up a simple webpage which grabs username and password from the URL. The username can be in plaintext (or if circumstances dictate and/or you're paranoid can be *encrypted*). The password is hashed (md5/sha, whatever) WITH a secret key.
You can then verify whether username/password is correct and return an appropriate response.

--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
New Year Resolution: Ignore top posted posts
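
A sketch of the remote check described in the reply above, as an added example that is not part of the original message or either poster's code. It goes slightly beyond the message by using HMAC for the "hash with a secret key" step and by signing a timestamp so a captured URL cannot be replayed indefinitely. The function names, parameter names, secret and sample account are assumptions, and it assumes the CMS stores an unsalted SHA-256 digest of each password that the local site can reproduce.

```php
<?php
// Added example: secret, parameter names and the sample account are constructed.
const SHARED_SECRET = 'replace-with-a-long-random-key'; // held by both servers only
const MAX_SKEW = 60; // seconds a signed request stays valid

// Local site: build the MAC that goes in the URL instead of the password.
function sign_request(string $user, string $password, int $ts, string $secret): string
{
    $pwDigest = hash('sha256', $password); // assumption: same digest the CMS stores
    return hash_hmac('sha256', $user . "\n" . $ts . "\n" . $pwDigest, $secret);
}

// Remote server: recompute the MAC from the stored digest and compare.
function verify_request(array $query, array $users, string $secret, int $now): bool
{
    $user = $query['user'] ?? '';
    $ts   = $query['ts'] ?? '';
    $mac  = $query['mac'] ?? '';
    if (!is_string($user) || !is_string($ts) || !is_string($mac) || !ctype_digit($ts)) {
        return false; // malformed or array-valued parameters
    }
    if (abs($now - (int)$ts) > MAX_SKEW) {
        return false; // stale timestamp: limits replay of a captured URL
    }
    // Unknown users take the same code path so timing does not reveal them.
    $stored   = $users[$user] ?? str_repeat('0', 64);
    $expected = hash_hmac('sha256', $user . "\n" . $ts . "\n" . $stored, $secret);
    return hash_equals($expected, $mac) && isset($users[$user]);
}

// Constructed demo data standing in for the CMS user table.
$users = ['adam' => hash('sha256', 'correct horse')];
$now   = time();
$good  = ['user' => 'adam', 'ts' => (string)$now,
          'mac' => sign_request('adam', 'correct horse', $now, SHARED_SECRET)];
$bad   = ['mac' => sign_request('adam', 'wrong guess', $now, SHARED_SECRET)] + $good;

var_dump(verify_request($good, $users, SHARED_SECRET, $now));       // fresh, correct password
var_dump(verify_request($good, $users, SHARED_SECRET, $now + 300)); // same URL replayed later
var_dump(verify_request($bad, $users, SHARED_SECRET, $now));        // wrong password
```

Within the skew window the MAC is still a replayable credential, so the request should travel over HTTPS and the query string should be kept out of access logs where possible.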