SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Addict Mo Money's Avatar
    Join Date
    Nov 2002
    Posts
    274
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Arrow PHP SECURITY TIPS: Members Script

    This thread is dedicated to tips on how to create a really secure members script.

    One question I have always had is, im a newb, and when I have maid simple members scripts before, if the user enters correct username and password, I register a session like $_SESSION['authorized'] = true; and then check to see if that is a registered session on a page i want secured, then if it isnt I exit out. But my question is, how can I make this more secure, what is all this talk of storing sessions and ip's in a db etc. please eloborate!



    And dont forget to post any tips you have on creating a secure members script!
    AbcArcade.com - free internet games!

  2. #2
    No. Phil.Roberts's Avatar
    Join Date
    May 2001
    Location
    Nottingham, UK
    Posts
    1,142
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well if you want to store the sessions in a database you could always use a session class like Mine (Requires the Eclipse db libs)

  3. #3
    SitePoint Addict richard_h's Avatar
    Join Date
    May 2002
    Location
    London
    Posts
    301
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    And you could also use a validation class like Mine

  4. #4
    SitePoint Addict Mo Money's Avatar
    Join Date
    Nov 2002
    Posts
    274
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    so, what is the most secure method for a member script?

    one tip is to put a sleep(1); function at the top of the script that checks the users info against a db.
    AbcArcade.com - free internet games!


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •