The "Freeola Customer Forum" forum, which includes Retro Game Reviews, has been archived and is now read-only. You cannot post here or create a new thread or review on this forum.
I'm using md5 to hash the passwords..
Looking for other ways that you can hash or encrypt passwords using php.
Is there any advantages to using sessions over passing information in the url with posts and gets to pass information between pages? Or is there other ways? Which would be better?
Thanks
I'm using md5 to hash the passwords..
Looking for other ways that you can hash or encrypt passwords using php.
Is there any advantages to using sessions over passing information in the url with posts and gets to pass information between pages? Or is there other ways? Which would be better?
Thanks
Er, and other things, I guess.
Sending data by POST requires the user to "submit" the data each time, like on a form. For example, if you wanted to use POST to ensure a user stays logged on, you would need to send some information that could authorise them to each page - i.e. every link would be a form in its own right. If they left your site and came back, they would be logged out.
Sending data by GET limits you to the length, since the entire page address can't be more than 255 characters if I remember correctly. Also, all the information is readily to view and easily modified. You wouldn't want to be putting someone's password in a GET string.
Sessions are generally the best for authentication. They stay logged in for the browser session (or until they log out). You can put lots of information in a session variable without having to resend it each time. Etc etc.
In general, use POST to send large amounts of data from a form, where it is being sent to a specific page for a specific purpose. Use GET to send small amounts of data to another page (e.g. you might have page.php?id=123 where 123 might be a page ID for page.php to call). Use sessions for authentication scripts, and to hold variables that are required for the session - shopping cart contents, username, etc.
> I'm using md5 to hash the passwords..
> Looking for other ways that you can hash or encrypt passwords using
> php.
Lookup crypt() and mcrypt() I think it is. They are other PHP functions that can be used - off hand I think one of them requires an extension.
I don't know if you want to use base_64_encode() as an example of an encoding but not encrypting function?
Will check them out.
When people register with my system they select a few options from pull down menus.
This data is added to a database, in the system they can also enter their details.
A form comes up and it shows some of the information they provided when registering but I can't get the pull down menus to work properly.
I can get them to show what they entered but this means that its repeated in the pull down menu, so I guess either this is the best way to do it or I'm making a mistake somewhere.
Is there a way to do this to get the menu to display whats in the table but without repeating it in the menu?
Thanks
I do have another small issue though.
When people register if they make a mistake like enter two different passwords the system returns an error and a link back to the registration form.
If they click the link all of the previously entered details disapear, but if they were to use the back button on the browser they remain.
Is there any way to get the form to repost the previously entered details when they click the link?
Cheers
Then within my object class
class object {
var property;
function checkvar($var) {
if(isset($var)) {
echo $var;
}
else {
echo "";
}
}
}
So when the form loads, it checks for an object, then checks what value that property holds, if something is there, echo it into the input, otherwise echo nothing.
Not sure if this is what you wanted, but it works for me.
Should be alright for demonstrating it as I know the browser I'll be using will have javascript enabled.
Thanks though
> Managed to get round it using quite a bit of code, not a great way of
> doing it but it will do.
>
> I do have another small issue though.
>
> When people register if they make a mistake like enter two different
> passwords the system returns an error and a link back to the
> registration form.
> If they click the link all of the previously entered details
> disapear, but if they were to use the back button on the browser they
> remain.
>
> Is there any way to get the form to repost the previously entered
> details when they click the link?
> Cheers
Why not just redirect them to the login page they were on using header() but then send a variable back to that page so it displays an error telling them they put the password in incorrectly.