By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
437,598 Members | 1,894 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 437,598 IT Pros & Developers. It's quick & easy.

secure login

P: n/a
I know this may not be the best place to post this, but it's a start.

I am new to writing web pages, and am writing a mysql driven website. I want
to know how to setup a login page so a user only needs to login once during
a session, so all queries against the MySQL database will proceed smoothly,
without having to enter username/password again and again.

I don't know if it is possible to open the connection to the database once
during login, and then close it at the end, or if a connection needs to be
opened for each query. I would also like to implement md5 for the password,
but don't know how to go about it....i've had a play with javascript and
php, but can't figure out exactly how to do this.

Thanks for any help/pointers
Nathan

Jul 20 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
In article <3f*********************@news.ukonline.co.uk>,
DON'T_SEND_ME@TRIPE_TO_MY_IN.BOX says...
I know this may not be the best place to post this, but it's a start.

I am new to writing web pages, and am writing a mysql driven website. I want
to know how to setup a login page so a user only needs to login once during
a session, so all queries against the MySQL database will proceed smoothly,
without having to enter username/password again and again.

I don't know if it is possible to open the connection to the database once
during login, and then close it at the end, or if a connection needs to be
opened for each query. I would also like to implement md5 for the password,
but don't know how to go about it....i've had a play with javascript and
php, but can't figure out exactly how to do this.

Thanks for any help/pointers


Not JavaScript. I use PHP to check whether the user has authenticated
by comparing PHP_AUTH_USER against a database. Get the code from
http://usenet.hyweljenkins.co.uk/authenticate.php.txt
and include it at the top of every page.

The table "phusers" just has two fields, UserName and Password, both
TINYTEXT in this case.

--
Hywel I do not eat quiche
http://hyweljenkins.co.uk/
http://hyweljenkins.co.uk/mfaq.php
Jul 20 '05 #2

P: n/a
On Fri, 2 Jan 2004 10:46:58 -0000, Nath <DON'T_SEND_ME@TRIPE_TO_MY_IN.BOX>
wrote:
I know this may not be the best place to post this, but it's a start.

I am new to writing web pages, and am writing a mysql driven website. I
want to know how to setup a login page so a user only needs to login
once during a session, so all queries against the MySQL database will
proceed smoothly, without having to enter username/password again and
again.

I don't know if it is possible to open the connection to the database
once during login, and then close it at the end, or if a connection
needs to be opened for each query. I would also like to implement md5
for the password, but don't know how to go about it....i've had a play
with javascript and php, but can't figure out exactly how to do this.


JavaScript shouldn't have any part to play in this; it can, and should,
all be done with PHP or some other server-side language.

Use SSL (https: protocol) to provide the security you need. Using
JavaScript to hash the password using the MD5 algorithm is dangerous: the
user might not have JavaScript enabled. You'll want to hash the password
when it's stored on the server, but perform the hashing server-side.

PHP has a hashing library (Mhash), capable of MD5 and SHA1 (Secure Hash
Algorithm), but it won't necessarily be built-in. There should be plenty
of reference implementations to be found on the Web that you could easily
re-write with PHP if needed.

Mike
Check-out the PHP newsgroups - they are on their own server,
news://news.php.net/
There's also a standard PHP newsgroup, comp.lang.php

--
Michael Winter
M.******@blueyonder.co.invalid (replace ".invalid" with ".uk" to reply)
Jul 20 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.