The "Freeola Customer Forum" forum, which includes Retro Game Reviews, has been archived and is now read-only. You cannot post here or create a new thread or review on this forum.
Can anyone point me in the right direction to allow secure logging in of users on a PHP based site using session vars and a mySQL backend database? Preferably encrypted so third prty's cant view data being passed back and forth?
Cheers. Away soon, so It'll be tomorrow before i can reply.
Cheers. Away soon, so It'll be tomorrow before i can reply.
Cheers. MD5 and Session vars are the way I'm going. MD5 was causing me problems as the mysql database only stored 16 chars as a max. MD5 is 32. Simple fix, increase database field to 32. Cool. Cheers!
monkey_man wrote:
> For logins I made a script that checks the form password against a
> password stored online, then makes a cookie saying 'true' or 'false',
> depending. The user can't set their own cookies for my domain, so
> this way doesn't give away the password but is secure enough.
A user with the right software could easily set a cookie on their PC saying true or false. Wouldn't be too hard at all - a cookie is only a text file.
> For logins I made a script that checks the form password against a
> password stored online, then makes a cookie saying 'true' or 'false',
> depending. The user can't set their own cookies for my domain, so
> this way doesn't give away the password but is secure enough.
A user with the right software could easily set a cookie on their PC saying true or false. Wouldn't be too hard at all - a cookie is only a text file.
Tyla wrote:
> you still bound to
> get the occassional user like myself, who deletes all his cookies
> after every session!:)
Then you have to sign again!
For logins I made a script that checks the form password against a password stored online, then makes a cookie saying 'true' or 'false', depending. The user can't set their own cookies for my domain, so this way doesn't give away the password but is secure enough.
> you still bound to
> get the occassional user like myself, who deletes all his cookies
> after every session!:)
Then you have to sign again!
For logins I made a script that checks the form password against a password stored online, then makes a cookie saying 'true' or 'false', depending. The user can't set their own cookies for my domain, so this way doesn't give away the password but is secure enough.
Nimco wrote:
> Use something like the MD5 encryption algorithm to encrypt your
> passwords and place them encrypted in the database. Then when you
> want a user to login, store the MD5 encrypyted password they enter in
> a cookie and compare to the database. This way the password is never
> seen in it's unencrypted form.
Shouldn't rely on cookies anymore. Especially due to Privacy laws now in force. Although MD5 would work well like this, you still bound to get the occassional user like myself, who deletes all his cookies after every session!:)
> Use something like the MD5 encryption algorithm to encrypt your
> passwords and place them encrypted in the database. Then when you
> want a user to login, store the MD5 encrypyted password they enter in
> a cookie and compare to the database. This way the password is never
> seen in it's unencrypted form.
Shouldn't rely on cookies anymore. Especially due to Privacy laws now in force. Although MD5 would work well like this, you still bound to get the occassional user like myself, who deletes all his cookies after every session!:)
Pandaemonium wrote:
> Can anyone point me in the right direction to allow secure logging in
> of users on a PHP based site using session vars and a mySQL backend
> database? Preferably encrypted so third prty's cant view data being
> passed back and forth?
>
> Cheers. Away soon, so It'll be tomorrow before i can reply.
I always thought is was as esy as deciding wether to use POST or GET? MD5 is a good way to go, otherwise use HTTPS
> Can anyone point me in the right direction to allow secure logging in
> of users on a PHP based site using session vars and a mySQL backend
> database? Preferably encrypted so third prty's cant view data being
> passed back and forth?
>
> Cheers. Away soon, so It'll be tomorrow before i can reply.
I always thought is was as esy as deciding wether to use POST or GET? MD5 is a good way to go, otherwise use HTTPS
Use something like the MD5 encryption algorithm to encrypt your passwords and place them encrypted in the database. Then when you want a user to login, store the MD5 encrypyted password they enter in a cookie and compare to the database. This way the password is never seen in it's unencrypted form.
Can anyone point me in the right direction to allow secure logging in of users on a PHP based site using session vars and a mySQL backend database? Preferably encrypted so third prty's cant view data being passed back and forth?
Cheers. Away soon, so It'll be tomorrow before i can reply.
Cheers. Away soon, so It'll be tomorrow before i can reply.