|
|||||||||
|
|||||||||
|
|||||||||
| |
|||
 |
|
|
|
|
|||||||||
|
|||||||||
|
|||||||||
| |
|||
|
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Display Modes |
Dev Articles Community Forums Sponsor:
|
|
|
|
#1
May 30th, 2002, 07:00 AM
|
|||
|
|||
|
Ideal User Login And Management
Hi all,
i want to know, what the ideal feature fro user login and management with php and mysql? sometime i look at free user management script and i get the password was crypted by md5(), i don't know what is the advantage using this? and how to retrieve original password if in mysql the password was crypted? thnak's all -- deff
|
|
#2
May 30th, 2002, 06:46 PM
|
|||
|
|||
|
i think with md5 theirs a uncrypt fucntion or something (i could be wrong). still even if it doesnt it can still check the login like this
say your password is: devarticles (example only!) when its encrypted it looks something like this: sdkj32kj4897fkh9832kldfs08782lkn when you login, your password will be encrypted again and checked against the encrypted password in the database, sdkj32kj4897fkh9832kldfs08782lkn = sdkj32kj4897fkh9832kldfs08782lkn if your going to have a secure login/admin system, i suggest that you program your own for security reasons, if you use a pre-made system, your got a higher chance of being hacked into. hope this helps
|
|
#3
May 30th, 2002, 10:34 PM
|
|||
|
|||
|
Yep, I couldn't agree with Ben more. There isnt really a "general" perfect login system, but here are my tips:
- Use a secure server for the login page if you can - Encrypt both the username AND password for double security - Keep the database in a server that isn't connected to the net - Always verify user input to make sure that it's valid If you implement these steps then you really can't go wrong. The ideal login system should be secure, fast, flexible and encrypted if possible. There are many encryption libraries available for PHP, so maybe one of those might suite your needs?
|
|
#4
May 30th, 2002, 10:52 PM
|
|||
|
|||
|
just a tip, instead of using sessions to store the data, use a database to store the session id, ip and what ever other data you need, a db is more secure than sessions
|
|
#6
May 30th, 2002, 11:35 PM
|
|||
|
|||
|
i just did some research on md5 and it seems theirs no unencrypt function, so unless their is another way, i dont think you can retrive the password, i think the reason why is becuase if their was a uncrypt function it would make it easy for someone to uncrpty your password and use it to get in the front door
|
|
#7
March 25th, 2004, 11:54 AM
|
|||
|
|||
|
Developer
I think the md5 is just a one-way encryption designed to make sure
no one can decrypt and see the values back. Only the encrypted values can be compared with the previously encrypted to authenticate. If you want this capability try DES3 ro something else
|
|
| Viewing: Dev Articles Community Forums > Programming > General Programming Help > Ideal User Login And Management |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
