Posted by Geoff Berrow on 03/30/07 07:55

Message-ID: <460c3865$0$5814$4c368faf@roadrunner.com> from Ben contained
the following:

>First question is can someone direct me to a site or provide a sample code
>for a login page that prompts for user/password then either displays a
>message "Login Succeeded!" or "Login Failed!"

The process is to take the supplied username and password and do a
database query to see if there is a row containing that combination. Of
course, this presupposes that you ensured that the combination was
unique before storing in the database. If a row is found the log in is
successful.
>
>Second, how do I prevent users from bypassing the login? Session variable
>right? Need instructions on how to implement that.

On success a session variable is set. Each protected page needs code
which will check for the presence of the session variable. Additionally
or alternatively an expiring cookie may be set. Another way is to set a
timestamp in the db and check that has not expired each time.
>
>Lastly, what is the best, maybe I should word that differently, the most
>commonly used method for login encryption? I would like the password text
>physically in the DB to be encrypted text that is decrypted through the
>login process.

It's not usually decrypted, the hashes uses are usually one way.
Ideally the username and password are sent via an encrypted connection.
The reason for encrypting the passwords in the database is simple so
that the db admin does not know what they are. Passwords are encrypted
using a hash function before insertion into the db. When the user tries
to log in the hash function is used again and then the hashed version is
compared with the one in the db.

As others have pointed out, even supplying sample code will require a
lot of hand holding and it may be a better idea to establish and off
list relationship with someone here.
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

• Next in forum: Encoding/characterset/font family confusion
• Prev in forum: Re: cURL and Loading Pages
• Thread view: Re: nooB PhP login using MySQL

[Reply to this message]