I figured I wouldn't want to store plain text passwords in the database,
but I was considering a "Forgot your password?" option in which it could
be emailed. I suppose what I'll do instead is just use the hashed
password and if someone forgot theirs, I'll write a random password
generator to reset it and mail that instead.
And yes you're right, I will be using $_COOKIE to validate the user when
they revisit the page by comparing the cookie value to the value in the
database.
As for hashing the username, I was checking out phpBB and noticed when
you log in it actually doesn't show your userid or autologinid as plain
text so that's why I was considering hashing the username, just for
cookie value. Thanks for the insight!
Armando
Trystano@xxxxxxx wrote:
Shouldn't you have used the $_COOKIE global variable, considering it
will be coming from a cookie?
Like so...
if ($password_md5 === md5($_COOKIE['password'])) {
    echo "password correct";
}
You shouldn't store plain passwords in a database - simple as that. As
for hashing the username, not really sure there is a need for that.
Thanks
Tryst
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
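
The approach discussed in this thread (hashed passwords, a random password on reset, and a cookie value compared against the database), sketched as an added example that is not part of either message. The function names and the in-memory `$users` array standing in for the database are assumptions, and usernames are assumed not to contain `:`. The cookie carries a random token rather than anything derived from the password.

```php
<?php
// Added example; $users is a constructed stand-in for the database table.
$users = [];

// Registration: store only a salted, slow hash of the password.
function register(array &$users, string $name, string $password): void {
    $users[$name] = [
        'pw_hash'    => password_hash($password, PASSWORD_DEFAULT),
        'token_hash' => null,
    ];
}

// Login check against the stored hash.
function login(array $users, string $name, string $password): bool {
    return isset($users[$name])
        && password_verify($password, $users[$name]['pw_hash']);
}

// "Remember me": issue a random token and keep only its SHA-256 in the database.
// The returned string is the value to hand to setcookie().
function issueCookieValue(array &$users, string $name): string {
    $token = bin2hex(random_bytes(32));
    $users[$name]['token_hash'] = hash('sha256', $token);
    return $name . ':' . $token;
}

// On a return visit, validate the value read from $_COOKIE.
function checkCookieValue(array $users, string $cookie): ?string {
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($users[$parts[0]])) return null;
    $stored = $users[$parts[0]]['token_hash'];
    if ($stored === null) return null;
    // Constant-time comparison of the stored hash and the presented token's hash.
    return hash_equals($stored, hash('sha256', $parts[1])) ? $parts[0] : null;
}

// "Forgot your password?": replace the hash with one for a random password,
// return it so it can be mailed, and invalidate any outstanding cookie.
function resetPassword(array &$users, string $name): string {
    $new = bin2hex(random_bytes(8));
    $users[$name]['pw_hash'] = password_hash($new, PASSWORD_DEFAULT);
    $users[$name]['token_hash'] = null;
    return $new;
}

register($users, 'armando', 'constructed-sample-pw');
$cookie = issueCookieValue($users, 'armando');
var_dump(checkCookieValue($users, $cookie));            // genuine cookie value
var_dump(checkCookieValue($users, 'armando:forged'));   // forged cookie value
$temp = resetPassword($users, 'armando');
var_dump(login($users, 'armando', $temp), checkCookieValue($users, $cookie));
```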