Thread: how are logins done?

  1. #1
    13
    posts
    Registered User

    how are logins done?

    I'm not sure how logins are made... I have created an object which has a function called login; when called, it uses this->username and this->password to log in, which are set by the __construct... it then queries the database for

    SELECT * FROM authUsers WHERE fldUsername=? AND fldPassword=?

    So now I'm not sure what to do after this. Do I create a session which carries this object in session vars, and use this->loged (boolean) within the object to check if the user is logged in on every page that requires login?

    And is it safe to carry around the username and password in this object, which is carried around in the session vars?

    Thanks in advance
    ( -Peeki )

  2. #2
    1,839
    posts
    Registered User
    I wouldn't store the username or password in session variables. I would make a random hash and store as a userid to check against later,
    but there's plenty of premade PHP/MySQL login systems out there that are pretty damn secure...

  3. #3
    13
    posts
    Registered User
    Quote Originally Posted by joran420 View Post
    I wouldn't store the username or password in session variables. I would make a random hash and store as a userid to check against later,
    but there's plenty of premade PHP/MySQL login systems out there that are pretty damn secure...
    Where can I get these premade PHP/MySQL login systems?

  4. #4
    1,839
    posts
    Registered User

  5. #5
    1,627
    posts
    hugeExplosions = true;
    It's simple to do your own login - a simple permission denied is easy.

    Instead of storing user/pass in session vars you just store the login 'level' or something like that. That way on each page you can check their login level and redirect them if it's not sufficient.

    Simply hash the user's password in the database, hash their password attempt and compare hashes. If they match, then get the user data from the database and store the login level in session.

    If the user comes to a place they shouldn't be without a certain login level then they should be redirected.
    MS Paint FTW!


  6. #6
    13
    posts
    Registered User

    Quote Originally Posted by Charleh View Post
    It's simple to do your own login - a simple permission denied is easy.

    Instead of storing user/pass in session vars you just store the login 'level' or something like that. That way on each page you can check their login level and redirect them if it's not sufficient.

    Simply hash the user's password in the database, hash their password attempt and compare hashes. If they match, then get the user data from the database and store the login level in session.

    If the user comes to a place they shouldn't be without a certain login level then they should be redirected.
    Thanks, I'll make it so my object doesn't store their hashed password and username, and just add params to the login function, then make the object store the user's "level" and carry the object around in a session.

    - Peeki

  7. #7
    There's a nice PEAR library for this, Auth.
    got pwnt?
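
The flow described in posts #5 and #6 (check the attempt against a stored hash, then keep only the user's level in the session), as an added PHP example that is not code from any poster in the thread. It swaps the plain hash comparison for PHP's salted `password_hash()`/`password_verify()`; the `fldId` and `fldLevel` columns, the function names, the `/login.php` path and the SQLite demo data are assumptions.

```php
<?php
// Added example. authUsers, fldUsername, fldPassword come from the thread;
// fldId, fldLevel, the function names and /login.php are assumptions.

// Hash verified when the username is unknown, so both failure paths do similar work.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

function login(PDO $db, string $username, string $password): bool
{
    // Look the user up by name only; the submitted password never enters the query.
    $stmt = $db->prepare('SELECT fldId, fldPassword, fldLevel FROM authUsers WHERE fldUsername = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // fldPassword holds a salted password_hash() string, not the password.
    $hash = $row ? $row['fldPassword'] : DUMMY_HASH;
    if (!password_verify($password, $hash) || !$row) {
        return false;
    }

    session_regenerate_id(true);              // fresh session ID after login
    $_SESSION['user_id'] = (int) $row['fldId'];
    $_SESSION['level']   = (int) $row['fldLevel'];  // no username or hash stored
    return true;
}

// Call at the top of every protected page.
function requireLevel(int $needed): void
{
    if (($_SESSION['level'] ?? 0) < $needed) {
        header('Location: /login.php');
        exit;
    }
}

// Constructed demo: in-memory SQLite stands in for the real database.
if (PHP_SAPI === 'cli') {
    session_start();
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE authUsers (fldId INTEGER PRIMARY KEY,
        fldUsername TEXT UNIQUE, fldPassword TEXT, fldLevel INTEGER)');
    $db->prepare('INSERT INTO authUsers (fldUsername, fldPassword, fldLevel) VALUES (?, ?, ?)')
       ->execute(['alice', password_hash('constructed-pw', PASSWORD_DEFAULT), 2]);

    $bad  = login($db, 'alice', 'wrong guess');
    $good = login($db, 'alice', 'constructed-pw');
    var_dump($bad, $good, $_SESSION);
}
```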
