SitePoint Sponsor

User Tag List

Results 1 to 7 of 7
  1. #1
    SitePoint Enthusiast
    Join Date
    Jan 2005
    Location
    epsom
    Posts
    59
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Password Login + Database

    Hi Everyone

    I am introducing a password login script to my site.

    I know how to password the site but am looking for good ways to password protect to users can only access their details and no-one elses!

    Also i was wondering whether to use SSL or not!

    Please can you advise me!

    Thanks

    Nicholas

  2. #2
    SitePoint Enthusiast MeLoDi's Avatar
    Join Date
    Sep 2003
    Posts
    98
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    well.. you could give them a userid as well.. that way its unique and u can control what u want them to see.. e.g. only their own details. thats one way hope it helps

  3. #3
    SitePoint Enthusiast
    Join Date
    Jan 2005
    Location
    epsom
    Posts
    59
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    hi

    thanks

    what i am going to do is store and id in the session and add that session to my sql statement..

    Do you know anything about ssl?>

    also at the moment i am storing my passwords in the db with no encryption so when the user logs in the password in passed in plain text.

    do u know of any encryption i can use.. ive heard of md5

    thanks

    nick

  4. #4
    SitePoint Enthusiast MeLoDi's Avatar
    Join Date
    Sep 2003
    Posts
    98
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    well for encryption u could use this
    Code:
    'This function encrypts the password to ensure security
    Private Function EncryptText(ByVal strEncryptionKey, ByVal strTextToEncrypt)
    	' Declare variables
    	Dim outer, inner, Key, strTemp
    	' For each character in strEncryptionKey
    	For outer = 1 To Len(strEncryptionKey)
    		' Get a character to use as our encryption 
    		' key in this iteration of the OUTER loop
    		key = Asc(Mid(strEncryptionKey, outer, 1))
    		' For each character in strTextToEncrypt
    		For inner = 1 To Len(strTextToEncrypt)
    			' Update our encrypted text
    			strTemp = strTemp & Chr(Asc(Mid(strTextToEncrypt, inner, 1)) Xor key)
    			' Change our encryption key to mix things up in the INNER loop.
    			key = (key + Len(strEncryptionKey)) Mod 256
    		Next
    		' Update the strTextToEncrypt variable before 
    		' the next iteration of the OUTER loop
    		strTextToEncrypt = strTemp
    		' Reset strTemp for the next iteration of the OUTER loop.
    		strTemp = ""
    	Next
    	' Assign the value of the encrypted text to the function name 
    	' so we can return the value to the caller
    	EncryptText = strTextToEncrypt
    End Function
     
      ' Encrypt the Password
       strEncryptedPassword = EncryptText(CStr(username), CStr(password))
    very useful code and simple too not messy lol cant remember where i found it though haha hope it helps

  5. #5
    Original Gangster silver trophy Thing's Avatar
    Join Date
    Oct 2000
    Location
    Philadelphia, PA
    Posts
    4,708
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Look up HASH and SALT for password encryption. It's a way of encrypting the text that you want before storing the data in your database:

    http://www.google.com/search?hl=en&q=ASP+password+hash

  6. #6
    SitePoint Enthusiast
    Join Date
    Jan 2005
    Location
    epsom
    Posts
    59
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thanks melodi and thing!

    how about ssl and https://

    can u give me some ideas on how to use it!

    thanks

    nick

  7. #7
    Afrika
    Join Date
    Jul 2004
    Location
    Nigeria
    Posts
    1,737
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You would need to purchase an ssl certificate to get the https

    there are quite a couple out there, www.verisign.com www.thawte.com wwwt.geotrust.com www.godaddy.com etc cant remember them all, but godaddy is one of the cheapest.

    there are basically two types, chained ssl and root ssl.

    I woudl advice you to go for root, which basically are the leading.

    They are normally 128bit. And all they do, is simply protect information as its being sent from your browser to the webserver. Nothing more.

    this is a comparison by godaddy
    https://www.godaddy.com/gdshop/ssl/compare.asp?ci=275

    http://www.internetnews.com/xSP/article.php/3379001
    http://www.tech-encyclopedia.com/ssl-certificate.htm


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •