How to Create a Secure PHP Login Script?

Any problem with PHP can be discussed here
Gyanu
Posts: 338
Joined: Mon Jul 30, 2007 2:03 pm


Post by Gyanu »

Introduction
If you have a website and want to keep some of the content on it secure against unauthorized users, you'll need a way to let authorized users log in to your system securely. A PHP script (in conjunction with a database management system, such as MySQL) using the PEAR library offers an effective interface between the user and your data.

Instructions

Difficulty: Moderately Challenging
Things You'll Need
User information database
PHP running on the server
Steps

1. Use a PHP form to handle logins. At the start of the script, validate the form. Add a check to see whether the user is logged in already. If so, abort the current login process.

2. Connect to the database. The PHP script will have to include an administrative login and password that can access the database.

3. Create a pointer to the database instead of letting the script access the database directly.

4. Check and authenticate the user's login information by using the checkLogin method. Use a combination of user name, password, cookie and IP address for authentication. Store the password and cookie information as hashes.

5. Allow login through the PHP script. If you choose, this is a good time to update the user's cookie.

6. Set the session variables by using the setSession method.

7. Use the checkSession method to authenticate the user's information on every page.

Tips & Warnings

Make sure to add error handling at appropriate points in your code (after each check), to deal with the possibility of bad logins.
Use good database practices (unique user names, database roles and such) to ensure greater security.
Don't use obvious words like "admin" for your login name or "password" for your password. These are not secure, ever.


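The steps in the post above, sketched as an added example that is not part of the original post or of any library's own code. It assumes PHP 8 and uses PDO in place of PEAR; the Login class and the users table layout are hypothetical, and only the method names checkLogin, setSession and checkSession come from the post.

```php
<?php
// Added example. Assumed schema: users(id, username UNIQUE, password_hash, cookie_hash).
final class Login
{
    public function __construct(private PDO $db) {}

    // Step 4: check user name and password; returns the user row or null.
    public function checkLogin(string $username, string $password): ?array
    {
        $stmt = $this->db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
        $stmt->execute([$username]);   // bound parameter, never string concatenation
        $user = $stmt->fetch(PDO::FETCH_ASSOC);
        return ($user && password_verify($password, $user['password_hash'])) ? $user : null;
    }

    // Steps 5-6: set session variables, issue a fresh cookie token, store only its hash.
    public function setSession(array $user, string $ip): string
    {
        session_regenerate_id(true);        // new session ID after login
        $token = bin2hex(random_bytes(32)); // raw token goes to the browser only
        $this->db->prepare('UPDATE users SET cookie_hash = ? WHERE id = ?')
                 ->execute([hash('sha256', $token), $user['id']]);
        $_SESSION['uid'] = (int) $user['id'];
        $_SESSION['ip']  = $ip;
        return $token;
    }

    // Step 7: call on every protected page.
    public function checkSession(string $ip, string $cookieToken): bool
    {
        if (!isset($_SESSION['uid'], $_SESSION['ip']) || $_SESSION['ip'] !== $ip) {
            return false;
        }
        $stmt = $this->db->prepare('SELECT cookie_hash FROM users WHERE id = ?');
        $stmt->execute([$_SESSION['uid']]);
        $stored = $stmt->fetchColumn();
        return is_string($stored) && hash_equals($stored, hash('sha256', $cookieToken));
    }
}

// Constructed demo: in-memory SQLite database with one made-up account.
session_start();
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT, cookie_hash TEXT)');
$db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
$login = new Login($db);
$token = $login->setSession($login->checkLogin('alice', 'correct horse'), '203.0.113.7');
var_dump($login->checkLogin('alice', 'wrong'), $login->checkSession('203.0.113.7', $token), $login->checkSession('198.51.100.9', $token));
```

On a real site, send the returned token with setcookie() using the secure and httponly options. Binding the session to the IP address, as the post suggests, also logs out users whose address changes mid-session.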
Enjoiyourfate
Posts: 36
Joined: Tue Jan 17, 2006 5:38 pm

Post by Enjoiyourfate »

thx! this helped me a lot haha