LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices

Reply
 
Search this Thread
Old 04-30-2006, 05:21 AM   #1
genderbender
Member
 
Registered: Jan 2005
Location: US
Distribution: Centos, Ubuntu, Solaris, Redhat
Posts: 396

Rep: Reputation: 31
A good secure login script with PHP and mySQL


I'm creating a PHP website and I need a login script that references a mySQL database, the database has already been created. A tutorial will do, not a long one please... I've got two books on how to do it, but there quite hefty (I picked professional editions, lol). So a very basic tutorial will do, oh yeah it also has to be secure, basic security at least a 64 bit MD5 hash will do.

Thanks guys,

always a great help
 
Old 04-30-2006, 09:10 AM   #2
graemef
Senior Member
 
Registered: Nov 2005
Location: Hanoi
Distribution: Fedora 13, Ubuntu 10.04
Posts: 2,379

Rep: Reputation: 148Reputation: 148
Check out the Pear scripts
 
Old 05-01-2006, 11:38 PM   #3
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Slackware 10.1/10.2/12, Ubuntu 12.04, Crunchbang Statler
Posts: 3,786

Rep: Reputation: 282Reputation: 282Reputation: 282
Check your books for 'authentication'. I'm sure you'll find something. Else a search on the internet for php mysql authentication will give you plenty examples as well.

I use a 'user' table in every database (so not the user table provided in the mysql database itself).
When you add a user, you store the password in encrypted form. In the code below, replace mycrypt by one of the crypt functions supplied by MySQL (see chapter 12.9.2)
Code:
insert into user set login='genderbender',pwd=mycrypt('genderbender password')
The following code can be used for authentication
Code:
select * from user where login='supplied login' and pwd=mycrypt('supplied password')
If the query returns a row, it's a valid user.
 
Old 05-02-2006, 10:06 AM   #4
krizzz
Member
 
Registered: Oct 2004
Location: NY
Distribution: Slackware
Posts: 198

Rep: Reputation: 30
MD5 will definitely do it, as long as you create secure login web page. Make sure it's not XSS (cross site scripting) vulnerable and also make sure SQL injection is not possible through your input fields.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SQUID login with PHP,MySQL ujjwal_wadhawan Linux - Software 0 03-20-2006 07:12 AM
Recommend a good book for PHP and mySQL vharishankar Programming 7 11-19-2004 06:55 AM
MySQl account login, PHP agallant Programming 2 07-16-2004 11:01 AM
What's a good php upload script for this? kleptophobiac Programming 2 01-31-2004 07:06 AM
PHP: secure login system markus1982 Programming 4 10-16-2003 11:50 AM


All times are GMT -5. The time now is 09:27 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration