https://www.webmaster-forums.net/crss/node/1020806 en https://www.webmaster-forums.net/serverside-scripting/creating-secure-php-login-script#comment-1127865 <p>Not a problem nuke <img src="https://www.webmaster-forums.net/misc/smileys/big.png" title="Laughing out loud" alt="Laughing out loud" class="smiley-content" /></p> Wed, 26 Mar 2003 10:03:53 +0000 Renegade comment 1127865 at https://www.webmaster-forums.net https://www.webmaster-forums.net/serverside-scripting/creating-secure-php-login-script#comment-1127856 <blockquote class="bb-quote-body"><p>Quote: <em>Originally posted by Renegade </em><br /> <strong><a href="http://www.evolt.org/article/Creating_a_Login_Script_with_PHP_4/17/19661/" class="bb-url">Here's</a> a link you might find useful <img src="https://www.webmaster-forums.net/misc/smileys/big.png" title="Laughing out loud" alt="Laughing out loud" class="smiley-content" /> </strong></p></blockquote> <p>Thanks for that link Renegade. I think I'll be able to get the login script up and running with the help of that tutorial.</p> Wed, 26 Mar 2003 07:51:34 +0000 nuk3 comment 1127856 at https://www.webmaster-forums.net https://www.webmaster-forums.net/serverside-scripting/creating-secure-php-login-script#comment-1127849 <p>I'm working on a script that will do either all the work for you or the main bulk of it.</p> <p><a href="http://usermanage.sourceforge.net/" class="bb-url">http://usermanage.sourceforge.net/</a></p> Wed, 26 Mar 2003 05:18:19 +0000 Cog comment 1127849 at https://www.webmaster-forums.net https://www.webmaster-forums.net/serverside-scripting/creating-secure-php-login-script#comment-1127755 <p>MD5 is simply an encryption method (not specific to mySQL). There is a mySQL function (conveniently called MD5) which will encrypt data with the MD5 algorythm. Same for SHA1.</p> <p>PASSWORD() is specific to mySQL.</p> Mon, 24 Mar 2003 17:46:07 +0000 Mark Hensler comment 1127755 at https://www.webmaster-forums.net https://www.webmaster-forums.net/serverside-scripting/creating-secure-php-login-script#comment-1127749 <p>Oh, so MD5 is MySQL, too. Got it. While reading around, people were discussing them without specifying which went with what language.</p> <p>Thanks for the links guys, this is great. I keep reaping the benefits of other people asking questions, lol.</p> Mon, 24 Mar 2003 16:28:15 +0000 Suzanne comment 1127749 at https://www.webmaster-forums.net https://www.webmaster-forums.net/serverside-scripting/creating-secure-php-login-script#comment-1127735 <p><a href="http://www.evolt.org/article/Creating_a_Login_Script_with_PHP_4/17/19661/" class="bb-url">Here's</a> a link you might find useful <img src="https://www.webmaster-forums.net/misc/smileys/big.png" title="Laughing out loud" alt="Laughing out loud" class="smiley-content" /></p> Mon, 24 Mar 2003 08:02:35 +0000 Renegade comment 1127735 at https://www.webmaster-forums.net https://www.webmaster-forums.net/serverside-scripting/creating-secure-php-login-script#comment-1127733 <p>depends on your application..</p> <blockquote class="bb-quote-body"><p>Quote: quoted from here: <a href="http://www.mysql.com/doc/en/Miscellaneous_functions.html#IDX1334" class="bb-url">http://www.mysql.com/doc/en/Miscellaneous_functions.html#IDX1334</a></p> <p>PASSWORD() encryption is non-reversible. PASSWORD() does not perform password encryption in the same way that Unix passwords are encrypted. See ENCRYPT(). Note: The PASSWORD() function is used by the authentication system in MySQL Server, you should NOT use it in your own applications. For that purpose, use MD5() or SHA1() instead. Also see RFC-2195 for more information about handling passwords and authentication securely in your application.</p></blockquote> <p>Sounds like good enough advice for me.</p> Mon, 24 Mar 2003 06:43:37 +0000 Mark Hensler comment 1127733 at https://www.webmaster-forums.net https://www.webmaster-forums.net/serverside-scripting/creating-secure-php-login-script#comment-1127732 <p>On topic, is there an opinion out there regarding whether it's better to use PHP -- mcrypt, md5 (?) -- or MySQL -- PASSWORD()?</p> Mon, 24 Mar 2003 06:17:23 +0000 Suzanne comment 1127732 at https://www.webmaster-forums.net https://www.webmaster-forums.net/serverside-scripting/creating-secure-php-login-script#comment-1127730 <p>Thanks for your help samsm <img src="https://www.webmaster-forums.net/misc/smileys/wink.png" title="Wink" alt="Wink" class="smiley-content" /></p> Mon, 24 Mar 2003 05:51:28 +0000 nuk3 comment 1127730 at https://www.webmaster-forums.net https://www.webmaster-forums.net/serverside-scripting/creating-secure-php-login-script#comment-1127722 <p>I posted something like this on another forum awhile ago. The answer I got back was: "Make one yourself!"</p> <p>Well, I wanted unlimited, multidimensional hierarchies so I am actually still working on completing that project. <img src="https://www.webmaster-forums.net/misc/smileys/smile.png" title="Smiling" alt="Smiling" class="smiley-content" /></p> <p>However, they are correct in that making a basic login script is pretty easy. I could attempt a step-by-step if you wanted.</p> <p>Heck, I'll write up a basic one right now:<br /> 1. Start session<br /> 2. If logged in user valiable exits (5) else (3)<br /> 3. Present log-in form. User submits data.<br /> 4. Check data against records. If valid, store username and such in a session variable. Goto (1)<br /> 5. Logged in, cool!</p> <p>The biggest security pitfall in PHP is relying upon registered global varaibles. This article explains that issue pretty well: <a href="http://www.sitepoint.com/article/758" class="bb-url">http://www.sitepoint.com/article/758</a></p> Sun, 23 Mar 2003 17:44:58 +0000 samsm comment 1127722 at https://www.webmaster-forums.net