On Fri, 2 Jan 2004 10:46:58 -0000, Nath <DON'T_SEND_ME@TRIPE_TO_MY_IN.BOX>
wrote:
I know this may not be the best place to post this, but it's a start.
I am new to writing web pages, and am writing a mysql driven website. I
want to know how to setup a login page so a user only needs to login
once during a session, so all queries against the MySQL database will
proceed smoothly, without having to enter username/password again and
again.
I don't know if it is possible to open the connection to the database
once during login, and then close it at the end, or if a connection
needs to be opened for each query. I would also like to implement md5
for the password, but don't know how to go about it....i've had a play
with javascript and php, but can't figure out exactly how to do this.
JavaScript shouldn't have any part to play in this; it can, and should,
all be done with PHP or some other server-side language.
Use SSL (https: protocol) to provide the security you need. Using
JavaScript to hash the password using the MD5 algorithm is dangerous: the
user might not have JavaScript enabled. You'll want to hash the password
when it's stored on the server, but perform the hashing server-side.
PHP has a hashing library (Mhash), capable of MD5 and SHA1 (Secure Hash
Algorithm), but it won't necessarily be built-in. There should be plenty
of reference implementations to be found on the Web that you could easily
re-write with PHP if needed.
Mike
Check-out the PHP newsgroups - they are on their own server,
news://news.php.net/
There's also a standard PHP newsgroup, comp.lang.php
--
Michael Winter
M.******@blueyonder.co.invalid (replace ".invalid" with ".uk" to reply)
