开发者

Secure Login in PHP [closed]

问答 作者:
Closed. This question needs to be more focused. It is not currently accepting answers.
开发者_如何学JAVA

Want to improve this question? Update the question so it focuses on one problem only by editing this post.

Closed 9 years ago.

Improve this question

What is a secured login? How do I develop one in PHP? Please keep in mind that I'm just a beginner in PHP.

I would suggest getting an OpenID solution to incorporate in your website.

For example: PHP OpenID Library

Other than OpenID, this article will give you a good start in the basics of a PHP login

a better question would be : how can call a php login app "secure"?

here are some pointers (i'm quite new to php too, so pls bear with me)

  1. secure connection (via SSL)
  2. hashed passwords when stored to database (one-way hashing is recommended)
  3. validation - make sure that you impose certain character limits (max/min password, username, email, etc), characters are in the format you expect...etc...

here are implementations

  1. redirect your http://www.site.com/loginpage.php to something like https://yoursite.com/login.php
  2. hashed password = study md5 hashing with salt or if you want to make your life easier, use phpass( no need for salts, one way hashing, built by a "pro")
  3. validation - use php's buiilt in validation functions or construct your own regular expressions (or better yet use validation libraries)

sorry to have no links for resources, but google-ing them up is quite easy

A secure login system is typically not much more than giving a user a cookie (see php sessions) and then checking for that cookie on every 'secure' page. A user would obtain this by logging in, which you can do with openid or by storing usernames and passwords.

Only to add to the aforementioned points -

One of the most important things to protect against in php logins and forms that rely on database access in general is sql injection.

Wiki article

Brief example

This most commonly occurs with poorly sanitized inputs. Using mysql_real_escape_string() provides general protection. With the advent of OOP in PHP 5, it's highly advantageous to consider using the PDO extension for PHP to make parameterized sql statements at the point the mysql server executes them.

An explanation and examples of PDO in PHP

继续阅读:authenticationphpsecurity

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9