authentication verification

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



So the user comes to the site and they're presented with a log in page.
They enter they're username and password and php checks a mysql database
for a matching username and password.
If there is a match, it responds with 1 line found. If no match, it
responds with 0 lines found.
In the case of a match, php then sets a cookie on their browser with a
value of 1 for authenticated and 0 for not authenticated. Every
subsequent page the user views checks the status of this cookie and if
it's a zero it kicks them back to the log in page. This
cookie expires in 5 days and after that they'll have to log in again.
I'm aware that this is terribly easy to circumvent by creating/modifying a
cookie with the 1 value and the site thinks you've passed muster.
What is a better way of doing this?

--

DeadTOm
http://www.mtlaners.org
deadtom@xxxxxxxxxxxx
A Linux user since 1999.

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux