secure login

Re: secure login

In article <3ff54c24$0$397 $afc38c87@news. ukonline.co.uk> ,
DON'T_SEND_ME@T RIPE_TO_MY_IN.B OX says...[color=blue]
> I know this may not be the best place to post this, but it's a start.
>
> I am new to writing web pages, and am writing a mysql driven website. I want
> to know how to setup a login page so a user only needs to login once during
> a session, so all queries against the MySQL database will proceed smoothly,
> without having to enter username/password again and again.
>
> I don't know if it is possible to open the connection to the database once
> during login, and then close it at the end, or if a connection needs to be
> opened for each query. I would also like to implement md5 for the password,
> but don't know how to go about it....i've had a play with javascript and
> php, but can't figure out exactly how to do this.
>
> Thanks for any help/pointers[/color]

Not JavaScript. I use PHP to check whether the user has authenticated
by comparing PHP_AUTH_USER against a database. Get the code from

and include it at the top of every page.

The table "phusers" just has two fields, UserName and Password, both
TINYTEXT in this case.

--
Hywel I do not eat quiche

[OT] Re: secure login

On Fri, 2 Jan 2004 10:46:58 -0000, Nath <DON'T_SEND_ME@ TRIPE_TO_MY_IN. BOX>
wrote:
[color=blue]
> I know this may not be the best place to post this, but it's a start.
>
> I am new to writing web pages, and am writing a mysql driven website. I
> want to know how to setup a login page so a user only needs to login
> once during a session, so all queries against the MySQL database will
> proceed smoothly, without having to enter username/password again and
> again.
>
> I don't know if it is possible to open the connection to the database
> once during login, and then close it at the end, or if a connection
> needs to be opened for each query. I would also like to implement md5
> for the password, but don't know how to go about it....i've had a play
> with javascript and php, but can't figure out exactly how to do this.[/color]

JavaScript shouldn't have any part to play in this; it can, and should,
all be done with PHP or some other server-side language.

Use SSL (https: protocol) to provide the security you need. Using
JavaScript to hash the password using the MD5 algorithm is dangerous: the
user might not have JavaScript enabled. You'll want to hash the password
when it's stored on the server, but perform the hashing server-side.

PHP has a hashing library (Mhash), capable of MD5 and SHA1 (Secure Hash
Algorithm), but it won't necessarily be built-in. There should be plenty
of reference implementations to be found on the Web that you could easily
re-write with PHP if needed.

Mike


Check-out the PHP newsgroups - they are on their own server,
news://news.php.net/
There's also a standard PHP newsgroup, comp.lang.php

--
Michael Winter
M.Winter@blueyo nder.co.invalid (replace ".invalid" with ".uk" to reply)