How Do You Create A Secure Login? - with PHP and mySQL


Kushika
I've read a few articles, and looked up the code of certain files and some of them seem to work differently. I'm trying to create a login script, which would require PHP and mySQL to run, however, I'm not quite sure how to approach it since I'm only just learning PHP.

I'd like to know, what is the most secure and effective login? I've heard you can add a salt to encrypted passwords, etc., as well as using sessions (sid). I'd just like to know what methods are best for creating a secure login script.

Thank you for reading this.

Reply

mastercomputers
So what are you trying to do? Is it a membership login, securing pages, etc?

What usually happens is people build web applications which they believe are secure, someone comes along and breaks them, and then they fix those problems.

There's really no 100% safe way, it's always a trial and error experience.

Large companies don't rely on just those technologies and sometimes have 3rd party software involved as well.

If you have code snippets that you think would be good, you should post those, that way I could help with sifting through what I would consider safe.

The basics are you've got a Username field, a Password field and a login button. All data entered by the user must be checked against.

Never match user with password; just grab the user's row and then compare the password from the results. If the user doesn't exist, you'd know because the database couldn't return the results; if the password doesn't match the results returned from the database, it will also be incorrect.

Make sure you use either crypt() or md5() (heard md5 has collision problems, which doesn't mean it's that insecure, just means multiple passwords could equal the same hash) to encrypt the password; if possible, you should have it connect over a Secure Connection.

Always have a counter to count the times someone attempts to connect to that login multiple times, after 3 or more, present them with another login form which requires the visual representation of letters/numbers to be inserted, as well as a means to reset their password if they have forgotten it.

Sessions should be given to every user who connects to your site, even if they have not signed in, this is to help you monitor them.

Do not give back too much information that went wrong, e.g. if the username was incorrect, say either the username or password were incorrect (basically make it out that both were incorrect).

Using a salt for password is basically for random generating a password, it's probably best to use this and send this type of password to the user's email before allowing them to create and change their password, this way, you also verify their email address and can also send them changes/updates etc. Also try to make sure they use strong passwords and not weak ones.

There's tonnes more that would need to be talked about, even the security of your database and files etc, basically trying to make sure there's no weak links, since you might have the most secure login page in the world, yet your database security let you down and exposed everything, etc.


Cheers,

MC

Reply
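
The login flow mastercomputers describes above (fetch the row by username, compare the password in code, one generic error, a CAPTCHA form after repeated failures), as an added example that is not part of the original thread. It uses PHP's password_hash() and password_verify(), which are built on crypt() with a random per-password salt, in place of md5(); the table and column names, attempt_login(), the limit of 3 and the SQLite in-memory database are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Added example. Table and column names, attempt_login() and the limit of 3
// are assumptions. SQLite in memory keeps it runnable offline; for MySQL only
// the PDO DSN changes ("mysql:host=...;dbname=...").

const MAX_FAILURES = 3; // failures allowed before the CAPTCHA form is required

// Valid hash of a throwaway string, verified against when the user is unknown
// so both failure paths do the same amount of work.
define('DUMMY_HASH', password_hash('throwaway', PASSWORD_DEFAULT));

function make_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY,
        username VARCHAR(64) UNIQUE NOT NULL, pass_hash VARCHAR(255) NOT NULL)');
    // Failures are stored per attempted name, whether or not the account
    // exists, so the CAPTCHA step does not reveal which names are real.
    $db->exec('CREATE TABLE failed_logins (username VARCHAR(64) NOT NULL)');
    // Constructed sample account. password_hash() picks a random salt per
    // password and embeds it in the returned string.
    $db->prepare('INSERT INTO users (username, pass_hash) VALUES (?, ?)')
       ->execute(['alice', password_hash('correct horse battery', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns 'ok', 'captcha' (show the second form) or 'invalid' (one answer for
// both an unknown username and a wrong password).
function attempt_login(PDO $db, string $user, string $pass, bool $captchaOk = false): string
{
    $n = $db->prepare('SELECT COUNT(*) FROM failed_logins WHERE username = ?');
    $n->execute([$user]);
    if ((int) $n->fetchColumn() >= MAX_FAILURES && !$captchaOk) {
        return 'captcha';
    }

    // Fetch the row by username only, with a bound parameter; the password
    // is never part of the SQL and is compared in PHP afterwards.
    $q = $db->prepare('SELECT id, pass_hash FROM users WHERE username = ?');
    $q->execute([$user]);
    $row = $q->fetch(PDO::FETCH_ASSOC);

    $hash = $row === false ? DUMMY_HASH : $row['pass_hash'];
    if (!password_verify($pass, $hash) || $row === false) {
        $db->prepare('INSERT INTO failed_logins (username) VALUES (?)')->execute([$user]);
        return 'invalid';
    }

    $db->prepare('DELETE FROM failed_logins WHERE username = ?')->execute([$user]);
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);          // fresh session id once logged in
        $_SESSION['user_id'] = (int) $row['id'];
    }
    return 'ok';
}

// Demo with constructed input: wrong passwords, an unknown user, the CAPTCHA
// step being triggered, then a successful login once the CAPTCHA is passed.
$db = make_db();
$tries = [['alice', 'guess1'], ['nobody', 'guess1'], ['alice', 'guess2'],
          ['alice', 'guess3'], ['alice', 'correct horse battery']];
foreach ($tries as [$u, $p]) {
    echo $u, ' -> ', attempt_login($db, $u, $p), PHP_EOL;
}
echo 'alice after CAPTCHA -> ',
    attempt_login($db, 'alice', 'correct horse battery', true), PHP_EOL;
```

The CAPTCHA check itself is outside this sketch; `$captchaOk` stands for its result.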

CrazyPensil
I won't repeat everything once more) just see my answer a bit below your topic.

Reply

sonoftheclayr
I made a login script for my website that has a sha1 encrypted password stored in the database and cross-checks that with the password the user supplied.

It stores the users name, id, clearance and username in cookies for ease of use around my website instead of connecting to the database every time and doesn't store information such as password and email in cookies, but I am just wondering how secure that is. I would have used sessions but they don't like me.

It isn't that much finished but upon registration an email is sent to their email address requiring them to confirm their account before login and the confirmation page requires username, password and email address before they are allowed to log in.

Half of my features aren't finished but I know how I am going to do them such as the following:
- Resend confirmation email
- Forgot my password
- Change settings and profile
- Automatically delete any unconfirmed users that have been registered for 72 hours (Ample time to confirm account or to send out confirmation email again)

If anybody would like a copy of the completed script or would like to help in any way PM me.

Reply

cj2005
Use the mcrypt function (Not built into PHP as standard) MCrypt FTP Site
or mhash
MHash Download Site
You can encrypt and decrypt strings using both extensions to PHP.

If you can't install either, you can encrypt strings using the following code

CODE

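<?php
// String to process
$str = "Hello, I am going to be encrypted";
// md5() returns the 32-character hexadecimal MD5 digest of the string
$enc_str = md5($str);
// Print the original string and its digest on separate lines
echo $str . "<br />" . $enc_str;
?>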

Reply

