secure login

N

Nath

I know this may not be the best place to post this, but it's a start.

I am new to writing web pages, and am writing a mysql driven website. I want
to know how to setup a login page so a user only needs to login once during
a session, so all queries against the MySQL database will proceed smoothly,
without having to enter username/password again and again.

I don't know if it is possible to open the connection to the database once
during login, and then close it at the end, or if a connection needs to be
opened for each query. I would also like to implement md5 for the password,
but don't know how to go about it....i've had a play with javascript and
php, but can't figure out exactly how to do this.

Thanks for any help/pointers
Nathan
 
H

Hywel Jenkins

I know this may not be the best place to post this, but it's a start.

I am new to writing web pages, and am writing a mysql driven website. I want
to know how to setup a login page so a user only needs to login once during
a session, so all queries against the MySQL database will proceed smoothly,
without having to enter username/password again and again.

I don't know if it is possible to open the connection to the database once
during login, and then close it at the end, or if a connection needs to be
opened for each query. I would also like to implement md5 for the password,
but don't know how to go about it....i've had a play with javascript and
php, but can't figure out exactly how to do this.

Thanks for any help/pointers

Not JavaScript. I use PHP to check whether the user has authenticated
by comparing PHP_AUTH_USER against a database. Get the code from
http://usenet.hyweljenkins.co.uk/authenticate.php.txt
and include it at the top of every page.

The table "phusers" just has two fields, UserName and Password, both
TINYTEXT in this case.
 
M

Michael Winter

I know this may not be the best place to post this, but it's a start.

I am new to writing web pages, and am writing a mysql driven website. I
want to know how to setup a login page so a user only needs to login
once during a session, so all queries against the MySQL database will
proceed smoothly, without having to enter username/password again and
again.

I don't know if it is possible to open the connection to the database
once during login, and then close it at the end, or if a connection
needs to be opened for each query. I would also like to implement md5
for the password, but don't know how to go about it....i've had a play
with javascript and php, but can't figure out exactly how to do this.

JavaScript shouldn't have any part to play in this; it can, and should,
all be done with PHP or some other server-side language.

Use SSL (https: protocol) to provide the security you need. Using
JavaScript to hash the password using the MD5 algorithm is dangerous: the
user might not have JavaScript enabled. You'll want to hash the password
when it's stored on the server, but perform the hashing server-side.

PHP has a hashing library (Mhash), capable of MD5 and SHA1 (Secure Hash
Algorithm), but it won't necessarily be built-in. There should be plenty
of reference implementations to be found on the Web that you could easily
re-write with PHP if needed.

Mike


Check-out the PHP newsgroups - they are on their own server,
news://news.php.net/
There's also a standard PHP newsgroup, comp.lang.php
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top