  1. #1
    New Coder
    Join Date
    Jan 2007
    Posts
    32
    Thanks
    0
    Thanked 0 Times in 0 Posts

    How to add security and sessions to login page

    Hi

    I am new to PHP, please help me with how to add security and sessions to a login page. If possible, give one example.

  • #2
    Senior Coder Nightfire's Avatar
    Join Date
    Jun 2002
    Posts
    4,265
    Thanks
    6
    Thanked 48 Times in 48 Posts
    http://www.php.net/session
    http://www.php.net/md5 for the password
    http://www.php.net/mysql_escape_string to prevent sql injection

    There are examples on each of those pages.

  • #3
    Super Moderator JohnDubya's Avatar
    Join Date
    Nov 2006
    Location
    Missouri
    Posts
    634
    Thanks
    12
    Thanked 18 Times in 18 Posts
    What about using sha1() for the password? Benefits/cons to that?

  • #4
    Senior Coder Nightfire's Avatar
    Join Date
    Jun 2002
    Posts
    4,265
    Thanks
    6
    Thanked 48 Times in 48 Posts
    sha1's been known to be the successor of md5, but I don't know the pros or cons of them really. I know that md5 can be easily 'broken' as you can look online for the decrypters and stuff. I think sha2 is meant to be the best, but I don't really know anything about hashes.

  • #5
    Senior Coder
    Join Date
    Jan 2007
    Posts
    1,648
    Thanks
    1
    Thanked 58 Times in 54 Posts
    It's better to use SHA1 than MD5 as SHA1 has a higher encryption strength.

    When storing passwords, use a salt with the password. For instance, you'd return the encoded version like this:

    PHP Code:
    // Generate a salt and append it to the password before hashing
    $salt = uniqid();
    $password = sha1($actual_password . $salt);
    It prevents some minor things (such as when people have the same password, the hash will show up different).

  • #6
    Super Moderator JohnDubya's Avatar
    Join Date
    Nov 2006
    Location
    Missouri
    Posts
    634
    Thanks
    12
    Thanked 18 Times in 18 Posts
    From what I hear, sha1() is more secure. I know for sure that its hash is longer (40 characters), so that's got to be a benefit. I recently changed my passwords to sha1(). And I'm not sure I've heard of sha2()... are you talking about sha256()?

  • #7
    Senior Coder Nightfire's Avatar
    Join Date
    Jun 2002
    Posts
    4,265
    Thanks
    6
    Thanked 48 Times in 48 Posts
    Yeah sorry, I meant to put sha2**, meaning sha224 and sha256
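
Added example, not part of any post in this thread: a minimal login routine covering the three points raised above (sessions, password hashing, SQL injection). It swaps in PHP's built-in password_hash()/password_verify() (PHP 5.5+), which salt automatically, for the manual sha1()-plus-salt shown in post #5, and PDO placeholders for mysql_escape_string. The users table, the function names and the sample account are assumptions, and in-memory SQLite (pdo_sqlite) stands in for the real database.

```php
<?php
declare(strict_types=1);
// Added example (not from the thread). Schema, names and the sample account are constructed.

// In-memory SQLite stands in for the real database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pw_hash TEXT)');

function register(PDO $db, string $name, string $password): void
{
    // password_hash() generates a random per-user salt and stores it inside the hash string.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Placeholders keep user input out of the SQL text.
    $db->prepare('INSERT INTO users (name, pw_hash) VALUES (?, ?)')->execute([$name, $hash]);
}

function login(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('SELECT id, pw_hash FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Unknown user and wrong password take the same failure path.
    if ($row === false || !password_verify($password, $row['pw_hash'])) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        // Issue a fresh session ID at login so a pre-login ID cannot be reused.
        session_regenerate_id(true);
    }
    $_SESSION['user_id'] = (int) $row['id'];
    return true;
}

// Under a web server: start the session with hardened cookie flags (array form needs PHP 7.3+).
// 'secure' => true means the cookie is only sent over HTTPS.
if (PHP_SAPI !== 'cli') {
    session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
    session_start();
}

register($db, 'alice', 'correct horse battery staple');
var_dump(login($db, 'alice', 'correct horse battery staple')); // correct credentials
var_dump(login($db, 'alice', 'wrong password'));               // wrong password
var_dump(login($db, "alice' OR '1'='1", 'x'));                 // quote-laden name is treated as data
```

Run from the command line, the session calls are skipped and only the hashing and query logic execute.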

