Re: Login System / Cookies

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Armando wrote:

Greetings!

I'm developing a login system in php and wondering if someone could possibly provide some advice, as I'm still relatively new to php.

First, I'm limited to using cookies only for my session variables, so for instance, remembering users who wish to not have to login to the site each time they visit. I obviously don't want to put the user's login information in the cookie in plain text, so I was thinking perhaps that I'd use md5 hashed values instead. So in the database I'd have 4 fields for the user information, ie; username, username_md5, password, password_md5. Does this make any sense, or is there some other better way?

Also, I've ready about using session ID's.. for instance, how they are used in the phpBB forum. Would it be better to use them? I don't quite understand the purpose for it, but if someone could expain it, it would be greatly appreciated. Thanks in advance!

Best Regards,

Armando

you should only store the hash for the password in the database and in the cookie, then you can see if the two hashes match e.g.

if($password_md5 == md5($_SESSION['password']) {
   echo "password correct";
} else {
   echo "password not correct";
}


you shouldnt need to worry too much about session ids unless you are writing your own session manager anyway

hope i helped ;)

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [PHP Database Programming]     [PHP Install]     [Kernel Newbies]     [Yosemite Forum]     [PHP Books]

  Powered by Linux