Armando wrote:
Greetings!
I'm developing a login system in php and wondering if someone could
possibly provide some advice, as I'm still relatively new to php.
First, I'm limited to using cookies only for my session variables, so
for instance, remembering users who wish to not have to login to the
site each time they visit. I obviously don't want to put the user's
login information in the cookie in plain text, so I was thinking
perhaps that I'd use md5 hashed values instead. So in the database I'd
have 4 fields for the user information, ie; username, username_md5,
password, password_md5. Does this make any sense, or is there some
other better way?
Also, I've ready about using session ID's.. for instance, how they are
used in the phpBB forum. Would it be better to use them? I don't quite
understand the purpose for it, but if someone could expain it, it
would be greatly appreciated. Thanks in advance!
Best Regards,
Armando
you should only store the hash for the password in the database and in
the cookie, then you can see if the two hashes match e.g.
if($password_md5 == md5($_SESSION['password']) {
echo "password correct";
} else {
echo "password not correct";
}
you shouldnt need to worry too much about session ids unless you are
writing your own session manager anyway
hope i helped ;)
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php