dcsimg
www.webdeveloper.com
Results 1 to 6 of 6

Thread: login/password system

  1. #1
    Join Date
    Jul 2008
    Posts
    16

    login/password system

    help me in making a small user login/password system where users are authenticated by a system. Lets provide session support as well so that the sessions are stored and when the comes to the site he is logged in automatically

  2. #2
    Join Date
    Jul 2008
    Posts
    85
    Fairly easy, many ways to do it but there are a lot of security implications in any method you take, but for simplicity do this.

    Make a users table in MySQL and a session table to store PHPSESSIONID and user ID.

    Check the username and password against records in the user table, if they pass, let them log in and add a logged in $_SESSION.

    Once logged in, get PHPSESSIONID, write that to a $_COOKIE and set the cookie to expire when you want the user to log out (idle time, remember to update it on page refresh though, or don't add one at all to keep them logged in). Write the session ID to the table along with the user id.

    When they visit the site next, if the cookie exists check the session table for their ID and set a $_SESSION for logged in again. Make sure you don't overwrite the PHPSESSIONID because otherwise it will log you out when you refresh.

    A very basic system with loads of room for improvement but hopefully you will get what I mean.

    Don't store passwords in cookies, and you need to watch out for cookie hijacking that can steal your session ID. You might also want to include IP address and User Agent in the sessions table for additional checks. If a cookie is hijacked, the IP address and user agents might be different, and the user won't log in.

    This forces them to log in again, and if they can't, they're probably not the account owner.

  3. #3
    Join Date
    Jul 2008
    Posts
    16
    can u please give it in a code form..

    thanx for ur time sir..,

  4. #4
    Join Date
    Aug 2008
    Posts
    5
    Have a look at http://www.homeandlearn.co.uk/php/php14p1.html to give you an idea of what to do

  5. #5
    Join Date
    Aug 2006
    Location
    Michigan
    Posts
    1,046

  6. #6
    Join Date
    Jul 2008
    Posts
    85
    aman, I'm not going to write anything because you won't learn anything if I did, you need to understand what it is you're coding and what everything does.

    When you visit a site, a cookie is created called PHPSESSID, just write that to a session table along with user ID and IP address and to another cookie so it isn't overwritten. If the new cookie doesn't exist, they're logged out. If it does exist and their session is in the session table, and their IP address is the same, log them in, otherwise, log them out.

    It's very, very simple.

    Phill, that link wouldn't work..

    "Precondition Failed

    We're sorry, but we could not fulfill your request for /article/PHP_Login_System_with_Admin_Features/17/60384/"

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles