How to build login page using cookies?
I'm looking for a short tutorial about creating a login page for a website using cookies.
Each user has a username and a password.
Should I save both the username and the password in the cookies? Or might just the username be enough?
Can a malicious user somehow steal these cookies and pass the authorization?
It's not a good idea to store the password in the cookie. If you store just a username, your system is basically completely insecure. Remember that the client has complete control over the contents of cookies it sends to the server. It can send any username it wants. You should create an authorization token for the specific session (probably with an expiration time associated with it) and store that in the cookie. To prevent tampering with the cookie, you should sign (and encrypt) it on the server and validate the signature.
That said, doing that correctly is not an easy task. Don't reinvent the wheel. Use the authentication mechanisms provided by your platform.
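The signed session token with an expiration time described in the answer above, shown in PHP as an added example (not part of the original answer or of any framework's code). The token is signed with HMAC-SHA256 but not encrypted; the cookie name, lifetime, payload fields and function names are assumptions.

```php
<?php
const TOKEN_TTL = 1800; // token lifetime in seconds (assumed value; all names here are hypothetical)

// Build "base64(payload).hmac" so the server can detect any client-side change.
function issueToken(string $username, string $key, int $now): string
{
    $payload = json_encode([
        'u'   => $username,
        'exp' => $now + TOKEN_TTL,
        'sid' => bin2hex(random_bytes(16)), // makes every token unique
    ]);
    $body = base64_encode($payload);
    return $body . '.' . hash_hmac('sha256', $body, $key);
}

// Return the username for a valid, unexpired token, or null otherwise.
function verifyToken(string $token, string $key, int $now): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null; // malformed
    }
    [$body, $mac] = $parts;
    // Check the signature first, in constant time, before parsing anything.
    if (!hash_equals(hash_hmac('sha256', $body, $key), $mac)) {
        return null; // forged or tampered
    }
    $data = json_decode(base64_decode($body, true) ?: '', true);
    if (!is_array($data) || !is_string($data['u'] ?? null) || !is_int($data['exp'] ?? null)) {
        return null;
    }
    return $data['exp'] >= $now ? $data['u'] : null; // reject expired tokens
}

// Called after a successful password check; the flags keep the cookie off plain HTTP and away from scripts.
function sendSessionCookie(string $token, int $now): void
{
    setcookie('session', $token, ['expires' => $now + TOKEN_TTL, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
}

// Constructed demo: the key would normally come from server-side configuration.
$key   = random_bytes(32);
$now   = time();
$token = issueToken('alice', $key, $now);
[, $mac] = explode('.', $token);
$forged = base64_encode(json_encode(['u' => 'admin', 'exp' => $now + TOKEN_TTL])) . '.' . $mac;
foreach ([[$token, $now], [$forged, $now], [$token, $now + TOKEN_TTL + 1]] as [$t, $at]) {
    var_dump(verifyToken($t, $key, $at)); // cases: genuine, payload changed by client, expired
}
```

Only the genuine, unexpired token yields a username; the token whose payload was changed without the key and the expired token are both rejected.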
There are many ways to do authentication in PHP. Just google one http://www.developertutorials.com/scripts/script-details/307067.php
You will want to store your users' passwords in a database, and keep them obfuscated in some way. PHP has a built-in function called md5().
Here's a guide on php.net to help you through.
http://php.net/manual/en/features.http-auth.php
If you're having trouble grasping these concepts, then I'd recommend working through a PHP framework. My framework of choice is CakePHP, which makes stuff like authentication a breeze (another top framework is CodeIgniter).