SitePoint Sponsor

User Tag List

Results 1 to 6 of 6

Thread: Managing Users

  1. Feb 12, 2004, 11:29 #1
    SharifTK
    SharifTK is offline
    SitePoint Guru SharifTK's Avatar
    Join Date
    Jan 2004
    Location
    New York, NY
    Posts
    621
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Managing Users

    What is the best method for keeping managing my users? I don't think storing username and password in cookies is secure so I am trying to avoid that. My idea is storing the session ID in a cookie, and in a table along with the username. I just dont understand how I should go on about doing this. So my question really is what is the best way of keeping users logged in without storing username and pass in cookies.
    SK
  2. Feb 12, 2004, 12:07 #2
    Mandibal
    Mandibal is offline
    Mal Reynolds Mandibal's Avatar
    Join Date
    Aug 2003
    Location
    Columbus
    Posts
    718
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi Sharif,

    Have you read Harry's article on access control? You should take a look at it.
    http://www.sitepoint.com/article/1279
    This may help.
    Erh
  3. Feb 12, 2004, 16:01 #3
    SharifTK
    SharifTK is offline
    SitePoint Guru SharifTK's Avatar
    Join Date
    Jan 2004
    Location
    New York, NY
    Posts
    621
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for that link Mandibal. Maybe I should try the method that forums like vBulletin uses. So I ask, what is that method? I hope it's not storing the users account info in a cookie
    SK
  4. Feb 12, 2004, 16:10 #4
    Mandibal
    Mandibal is offline
    Mal Reynolds Mandibal's Avatar
    Join Date
    Aug 2003
    Location
    Columbus
    Posts
    718
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I havent disected the vBulletin method, but I'd assume that they dont store sensitive information like a password in a cookie. I think the big thing I took from Harrys article and I assume that this might some what standard is that even after a user initially logs in you act paranoid later. By this I mean if the user logs in then goes and wants to change a password or something you make them supply the original password again so you can check it against the db. Also dont store a password in clear text if you dont have to. Encode it at least with md5.
    Erh
  5. Feb 12, 2004, 16:10 #5
    Schwalbach
    Schwalbach is offline
    SitePoint Zealot
    Join Date
    Jan 2004
    Location
    Wheelersburg
    Posts
    115
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hey,

    Whenever I delete all cookies from sitepoint, I am logged out.

    When I viewed my cookies, it does look like they have it encrypted..Here is how I do it using cookies..

    First, whenever a user registers, I set a md5($username)
    and insert it into my db.

    Whenever I set the cookie, I use the value of the md5 and set it in the cookie.

    Now when checking for the user logged in, read the cookie, then SELECT * FROM table WHERE encrypt="$cookieval"

    Just replace the encrypt with your row name, table with tablename, and cookieval with the actual cookies information.

    I don't know if it is safe or not, but works for me
  6. Feb 12, 2004, 17:36 #6
    Knightime
    Knightime is offline
    SitePoint Addict Knightime's Avatar
    Join Date
    Jan 2003
    Location
    USA
    Posts
    376
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It seems there are questions about security here and there. I can sympathize with the confusion. There is a great article called "The Truth About Sessions" that can be found in this free d/l digital version of the mag:

    https://www.entwickler.com/ssl/phppdf/
    Troy

« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules