secure login

Discussion in 'Javascript' started by Nath, Jan 2, 2004.

  1. Nath

    Nath Guest

    I know this may not be the best place to post this, but it's a start.

    I am new to writing web pages, and am writing a mysql driven website. I want
    to know how to setup a login page so a user only needs to login once during
    a session, so all queries against the MySQL database will proceed smoothly,
    without having to enter username/password again and again.

    I don't know if it is possible to open the connection to the database once
    during login, and then close it at the end, or if a connection needs to be
    opened for each query. I would also like to implement md5 for the password,
    but don't know how to go about it....i've had a play with javascript and
    php, but can't figure out exactly how to do this.

    Thanks for any help/pointers
    Nathan
     
    Nath, Jan 2, 2004
    #1
    1. Advertising

  2. In article <3ff54c24$0$397$>,
    DON'T_SEND_ME@TRIPE_TO_MY_IN.BOX says...
    > I know this may not be the best place to post this, but it's a start.
    >
    > I am new to writing web pages, and am writing a mysql driven website. I want
    > to know how to setup a login page so a user only needs to login once during
    > a session, so all queries against the MySQL database will proceed smoothly,
    > without having to enter username/password again and again.
    >
    > I don't know if it is possible to open the connection to the database once
    > during login, and then close it at the end, or if a connection needs to be
    > opened for each query. I would also like to implement md5 for the password,
    > but don't know how to go about it....i've had a play with javascript and
    > php, but can't figure out exactly how to do this.
    >
    > Thanks for any help/pointers


    Not JavaScript. I use PHP to check whether the user has authenticated
    by comparing PHP_AUTH_USER against a database. Get the code from
    http://usenet.hyweljenkins.co.uk/authenticate.php.txt
    and include it at the top of every page.

    The table "phusers" just has two fields, UserName and Password, both
    TINYTEXT in this case.

    --
    Hywel I do not eat quiche
    http://hyweljenkins.co.uk/
    http://hyweljenkins.co.uk/mfaq.php
     
    Hywel Jenkins, Jan 2, 2004
    #2
    1. Advertising

  3. [OT] Re: secure login

    On Fri, 2 Jan 2004 10:46:58 -0000, Nath <DON'T_SEND_ME@TRIPE_TO_MY_IN.BOX>
    wrote:

    > I know this may not be the best place to post this, but it's a start.
    >
    > I am new to writing web pages, and am writing a mysql driven website. I
    > want to know how to setup a login page so a user only needs to login
    > once during a session, so all queries against the MySQL database will
    > proceed smoothly, without having to enter username/password again and
    > again.
    >
    > I don't know if it is possible to open the connection to the database
    > once during login, and then close it at the end, or if a connection
    > needs to be opened for each query. I would also like to implement md5
    > for the password, but don't know how to go about it....i've had a play
    > with javascript and php, but can't figure out exactly how to do this.


    JavaScript shouldn't have any part to play in this; it can, and should,
    all be done with PHP or some other server-side language.

    Use SSL (https: protocol) to provide the security you need. Using
    JavaScript to hash the password using the MD5 algorithm is dangerous: the
    user might not have JavaScript enabled. You'll want to hash the password
    when it's stored on the server, but perform the hashing server-side.

    PHP has a hashing library (Mhash), capable of MD5 and SHA1 (Secure Hash
    Algorithm), but it won't necessarily be built-in. There should be plenty
    of reference implementations to be found on the Web that you could easily
    re-write with PHP if needed.

    Mike


    Check-out the PHP newsgroups - they are on their own server,
    news://news.php.net/
    There's also a standard PHP newsgroup, comp.lang.php

    --
    Michael Winter
    d (replace ".invalid" with ".uk" to reply)
     
    Michael Winter, Jan 2, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. A.M
    Replies:
    5
    Views:
    5,471
    Teemu Keiski
    Jun 8, 2004
  2. Daniel Malcolm
    Replies:
    0
    Views:
    566
    Daniel Malcolm
    Jan 24, 2005
  3. zdrakec
    Replies:
    1
    Views:
    443
    zdrakec
    Jul 25, 2005
  4. Joe
    Replies:
    5
    Views:
    975
    Steven Cheng[MSFT]
    Dec 13, 2005
  5. verbal kint
    Replies:
    1
    Views:
    556
    Sudsy
    Sep 4, 2004
Loading...

Share This Page