...

View Full Version : How to add security and sessions to login page



bhagyaa2ze
02-22-2007, 07:29 AM
Hi

Iam new to PHP,please help me how to give security and sessions in login page.If possible give one example.

Nightfire
02-22-2007, 03:11 PM
http://www.php.net/session
http://www.php.net/md5 for the password
http://www.php.net/mysql_escape_string to prevent sql injection

there's examples on each of them pages

JohnDubya
02-22-2007, 03:40 PM
What about using sha1() for the password? Benefits/cons to that?

Nightfire
02-22-2007, 03:54 PM
sha1's been known to be th successor of md5, but I don't know the pros or cons of them really. I know that md5 can be easily 'broken' as you can look online for the decrypters and stuff. I think sha2 is meant to be the best, but I don't really know anything about hashes

aedrin
02-22-2007, 03:57 PM
It's better to use SHA1 than MD5 as SHA1 has a higher encryption strength.

When storing passwords, use a salt with the password. For instance, you'd return the encoded version like this:



$salt = uniqid();
$password = sha1($actual_password . $salt);


It prevents some minor things (such as when people have the same password, the hash will show up different).

JohnDubya
02-22-2007, 03:59 PM
From what I hear, sha1() is more secure. I know for sure that it's hash is longer (40 characters), so that's got to be a benefit. I recently changed my passwords to sha1(). And I'm not sure I've heard of sha2()...are you talking about sha256()?

Nightfire
02-22-2007, 04:13 PM
Yeah sorry, I meant to put sha2**, meaning sha224 and sha256



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum