|
|||||||||
|
|||||||||
|
|||||||||
| |
|||
 |
|
|
|
|
|||||||||
|
|||||||||
|
|||||||||
| |
|||
|
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Display Modes |
Dev Articles Community Forums Sponsor:
|
|
Stay one step ahead of the competition. Evaluate and give feedback
on some of the hottest web development tools on the market today.
Make your opinion heard! Click
Here
|
|
#1
May 25th, 2003, 01:37 AM
|
|||
|
|||
|
Members Area Question
Hey guys
I am trying to make a members area for my website. I know that most of you guys use sessions when it comes to members login. I have seen that on the most of the tutotials about member areas people use sessions. I know that sessions are secure but I am not using them for my members area. The way I am doing it is that: - when the member fill in the sign up form I make for him random password and convert that password with md5() before I insert it into the database. - when the member try to login I check for userId and password and if they are correct I use them like a variables for the each page that I pass through the url. Here is the example of the url for my members area. ( URL ) - what I do I check at the top of each page are the user name and password correct PHP Code:
and the check function is someting like that: PHP Code:
So basicaly my question is not about conding. I just haven't seen that method anywhere. It is pretty efficient for me but is it secure?. Is that the reason why nobody use it?
|
|
#2
May 25th, 2003, 09:35 AM
|
|||
|
|||
|
Re: Members Area Question
Quote:
That's exactly why it's not used... It's not a secure method, as the username and password are visible in the URL... Although your password is encrypted, the user information is made available, and can be abused... If you're looking for a simple tutorial on authentication, check out this article... Hope this helps...
__________________
____________________________________________ Developer Shed Weekly Writer | DevArticles Forum Moderator Build Your Own KlipFolio Klip With PHP FrankManno.com - Under Construction Design Interactive Group - Under Construction
|
|
#3
May 26th, 2003, 05:43 AM
|
|||
|
|||
|
hey,
frankie is right, you really dont wanna be sending the password and username over the URL....it's not secure at all..... if you are really wanting to use this method you've written for authentication, and not sessions.. then you could use the POST method to send the details.... I am not sure how secure that is, but at least the details wont be visible in the URL..... you'd have to use method="post" on the login form... then use PHP Code:
Do check out that article frankie suggested, it would be better to use Sessions for members areas really....
|
|
#4
May 26th, 2003, 06:01 AM
|
|||
|
|||
|
Thank you very much I really needed more the one person's opinion. I guess I am gonna use sessions and eventualy the only think I have to change is the check function. I though when you use md5() is pretty secure. However that was my though on the first place that is not secure to put the password in any form in the url.
Thank you very much. I'm also a big fan of Man Utd ;]]]
|
|
| Viewing: Dev Articles Community Forums > Programming > General Programming Help > Members Area Question |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
