开发者

Best login management solution without database in PHP

I am seeking a simple and best solution to manage user logins (username & password) in a private network (localhost) web page without setting up MySQL or any such database systems? I am running Apache with PHP. It will be helpful if anybody give a PHP dem开发者_开发百科o.


Depends on your webserver. Assuming apache, htpasswd for basic auth could be all you need.

Authentication, Authorization and Access Control gives the information you need to get started.


If you are using localhost, then wouldn't everyone have access to the filesystem?

I think the simplest solution is .htaccess though.


There are other solutions like that, but I can't find nicer links right now:

  • http://webscripts.softpedia.com/script/Authentication/AuthMan-Free-42216.html
  • http://www.phpkode.com./scripts/item/passwdauth/
  • http://www.hotscripts.com/listing/htaccess-manager-lite/
  • http://www.hotscripts.com/listing/needlock-access-management-system/
  • http://www.hotscripts.com/listing/dirlock/ (Ooops. Too many hotscripts links. So just saying: not affiliated with that. :] And certainly not endorsing it!)

Anyway. These scripts store usernames and passwords into a .htpasswd file. This can be used independently from the PHP script. .htaccess and .htpasswd is common authentication scheme for Apache webservers. See this tutorial: http://www.javascriptkit.com/howto/htaccess3.shtml or the Apache manual: http://httpd.apache.org/docs/2.0/howto/auth.html

You could use the class itself for authentication, but it doesn't look very current. The login management tool might be useful to you. (But again: there are probably easier ones to find.)


Have a look at www.mykonosphotographs.com/musas/

I'm still in the process of writing a download page, but I can email you the script if you're interested. Use the contact from on the site.

It's a major modification to a single-password system written by someone else, and I've added lots of extra functionality which you can use or not, as you like.

Currently free. It won't be as soon as I've got the downloads page sorted! ;-)

Edit - too late! The downloads page is now sorted.

New URL - http://www.myksoftware.com


nope.

unless you want to save all information to files (like csvs)

but this could be a security threat if anyone got access to the files (which is easier than gaining access to a database)

php doc for reading csv file


You can hide almost anything by various means.

For example, if your webspace provider permits it you can place files outside of your root directory. You can place files in a directory with some weird name like "jdf83usadj300p", with no link to them other than in php, which is parsed by serverside software without the clientside software ever seeing it. You can place passwords in a config file, if you call it something like "config.php" and make the first line:-

; <? php die(); ?>

Only an idiot would use the various javaScript "protection" methods out there like making the password the name of the next file. .htaccess can be cumbersome and can put people off. Far better make it attractive using server-side software.

If passwords are likely to be attacked, ALWAYS encrypt them. NEVER pass passwords from one page to another by GET method unless already encrypted. POST is more secure. md5 encrypting for most purposes is good, with encryption in-built in PHP and many algorithms out there freely available for javaScript. SHA-256 is almost the best there is fo almost any purpose. I don't think the US DoD or the UK MOD would be satisfied with it, but your local sports club's website (or similar) isn't exactly going to be a high-profile target for hackers.

Incidentally, blasteralfred, I sent you an email update. Hope you got it. Good luck!

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜