|
secure login
I know this may not be the best place to post this, but it's a start.
I am new to writing web pages, and am writing a mysql driven website. I want to know how to setup a login page so a user only needs to login once during a session, so all queries against the MySQL database will proceed smoothly, without having to enter username/password again and again. I don't know if it is possible to open the connection to the database once during login, and then close it at the end, or if a connection needs to be opened for each query. I would also like to implement md5 for the password, but don't know how to go about it....i've had a play with javascript and php, but can't figure out exactly how to do this. Thanks for any help/pointers Nathan |
Re: secure login
In article <3ff54c24$0$397$afc38c87@news.ukonline.co.uk>,
DON'T_SEND_ME@TRIPE_TO_MY_IN.BOX says... > I know this may not be the best place to post this, but it's a start. > > I am new to writing web pages, and am writing a mysql driven website. I want > to know how to setup a login page so a user only needs to login once during > a session, so all queries against the MySQL database will proceed smoothly, > without having to enter username/password again and again. > > I don't know if it is possible to open the connection to the database once > during login, and then close it at the end, or if a connection needs to be > opened for each query. I would also like to implement md5 for the password, > but don't know how to go about it....i've had a play with javascript and > php, but can't figure out exactly how to do this. > > Thanks for any help/pointers Not JavaScript. I use PHP to check whether the user has authenticated by comparing PHP_AUTH_USER against a database. Get the code from http://usenet.hyweljenkins.co.uk/authenticate.php.txt and include it at the top of every page. The table "phusers" just has two fields, UserName and Password, both TINYTEXT in this case. -- Hywel I do not eat quiche http://hyweljenkins.co.uk/ http://hyweljenkins.co.uk/mfaq.php |
[OT] Re: secure login
On Fri, 2 Jan 2004 10:46:58 -0000, Nath <DON'T_SEND_ME@TRIPE_TO_MY_IN.BOX>
wrote: > I know this may not be the best place to post this, but it's a start. > > I am new to writing web pages, and am writing a mysql driven website. I > want to know how to setup a login page so a user only needs to login > once during a session, so all queries against the MySQL database will > proceed smoothly, without having to enter username/password again and > again. > > I don't know if it is possible to open the connection to the database > once during login, and then close it at the end, or if a connection > needs to be opened for each query. I would also like to implement md5 > for the password, but don't know how to go about it....i've had a play > with javascript and php, but can't figure out exactly how to do this. JavaScript shouldn't have any part to play in this; it can, and should, all be done with PHP or some other server-side language. Use SSL (https: protocol) to provide the security you need. Using JavaScript to hash the password using the MD5 algorithm is dangerous: the user might not have JavaScript enabled. You'll want to hash the password when it's stored on the server, but perform the hashing server-side. PHP has a hashing library (Mhash), capable of MD5 and SHA1 (Secure Hash Algorithm), but it won't necessarily be built-in. There should be plenty of reference implementations to be found on the Web that you could easily re-write with PHP if needed. Mike Check-out the PHP newsgroups - they are on their own server, news://news.php.net/ There's also a standard PHP newsgroup, comp.lang.php -- Michael Winter M.Winter@blueyonder.co.invalid (replace ".invalid" with ".uk" to reply) |
| All times are GMT. The time now is 10:54 AM. |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.