  1. #1  SitePoint Addict (joined Aug 2007, 328 posts)

    Considerations for my first php experiment

    Hi Guys,
    I'm interested in getting started with PHP, so I thought I'd make a simple text browser-based game (including a MySQL database) and just take it step by step from there.

    The first thing I want to become knowledgeable about is security and how to record usernames and passwords in the best possible way.

    What should I take into consideration when designing the registration/login process, as well as any other form where the user can input data?

    What should I prevent the user from typing in?

    And how should I go about encrypting the login information, storing it, and then comparing what they type in next time they log in, to what's stored in the database?

    I don't need a step-by-step walkthrough, just a list of things that I need to go look up, including specific things to include in my validation/encryption if possible please.

    Thanks.

    regards
    Steve

  2. #2  SitePoint Zealot (joined Apr 2009, 102 posts)
    Accept only a-z, A-Z, 0-9, & @ in an email field.

    Use the PHP crypt function for passwords. The documentation related to that should give you most of what you need on passwords.

  3. #3  SitePoint Addict (joined Aug 2007, 328 posts)
    Great, thanks for that; a few quick questions though.

    Does [0-9] support floats as well or just integers? I imagine floats, but thought I better check.

    How can I specify that I ONLY want integers?

    Which type of encryption should I use? (Here it talks about "salts": http://uk.php.net/crypt)

    I've seen functions in a book I've got, such as "strip html tags" (can't remember the others). Are these just predefined sets of regex to use (in the form of a function) or are they something else? And is there a way to combine all of these functions in order to get a more squeaky clean result?

    And with regards to password encryption: if a user registers with the password "dog", that password is then encrypted, and the encrypted password is stored, and the user then tries to log in with the password "dog", will I just simply be encrypting it again and comparing it to what's already in the database? Or is it more involved than that?

  4. #4  SitePoint Wizard, Bristol, UK (joined Mar 2002, 2,240 posts)
    Quote Originally Posted by vernon-oliver:
        Accept only a-z, A-Z, 0-9, & @ in an email field.
    Right, so what happens if my username is firstname_lastname @ gmail.com then? (ignore spaces)

  5. #5  SitePoint Zealot (joined Apr 2009, 102 posts)
    Quote Originally Posted by SJH:
        Right, so what happens if my username is firstname_lastname @ gmail.com then? (ignore spaces)
    You are prevented from registering, I guess. I should have looked at the RFC; need to allow
    Code:
    . _ -
    off the top of my head. Might have missed something.

  6. #6  SitePoint Wizard (joined Mar 2008, 1,149 posts)
    The RFC allows for a lot of characters, including spaces, @ symbols, and oh so much more!

    Valid email addresses:
    person+likes+things@example.com
    "Bobby\@Tables"@example.com
    "Frank\ Danger"@example.com
    "Peter\\ Glo"@example.com
    "\␤#!^\␡\ apple"@example.com
    "\<?php\ echo\ sprintf\('%0.2f',\ 4.3433\)\;\ ?\>"@example.com

    + *is* used by Gmail, by the way.

  7. #7  SitePoint Addict (joined Aug 2007, 328 posts)
    Sorry, what is RFC?

    And is there a conclusion as to what I should be filtering out? Specifically for email addresses, but what about everything else?
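An added example following the thread, not posted by anyone in it, showing the "hash again and compare" login flow asked about in post #3 and an email check that accepts the RFC-valid forms from posts #4 to #6 instead of a hand-rolled a-z/0-9/@ whitelist. It assumes PHP 5.5 or later, where password_hash() and password_verify() wrap the crypt() function recommended in post #2; the user list and addresses are constructed sample data.

```php
<?php
declare(strict_types=1);

// Email check: rather than whitelisting a-z, A-Z, 0-9 and @, let PHP's built-in
// validator apply the address syntax rules, so first_last@gmail.com and
// person+likes+things@example.com are accepted. Returns the trimmed address or null.
function validateEmail(string $email): ?string
{
    $email = trim($email);
    $valid = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// Registration: never store the password itself. password_hash() calls crypt()
// with bcrypt, generates a random salt for this user and embeds the salt, the
// cost and the algorithm id in the returned string, so nothing else needs storing.
function hashPassword(string $plain): string
{
    return password_hash($plain, PASSWORD_DEFAULT);
}

// Login: nothing is decrypted. password_verify() reads the salt out of the stored
// string, hashes the submitted password with it and compares the two hashes in
// constant time. That is exactly the "encrypt it again and compare" from post #3.
function checkLogin(array $users, string $email, string $plain): bool
{
    if (!isset($users[$email])) {
        // Constructed dummy hash: verifying against it keeps the response time for an
        // unknown address close to that of a real user, so the check leaks less.
        password_verify($plain, '$2y$10$' . str_repeat('a', 53));
        return false;
    }
    return password_verify($plain, $users[$email]);
}

// Constructed sample run: register one user, then attempt two logins.
$users = [];
$email = validateEmail('steve+game@example.com');
if ($email !== null) {
    $users[$email] = hashPassword('dog');   // stored hash, different on every run
}
var_dump(checkLogin($users, 'steve+game@example.com', 'dog'));  // correct password
var_dump(checkLogin($users, 'steve+game@example.com', 'cat'));  // wrong password
var_dump(validateEmail('first_last@gmail.com') !== null);       // underscore allowed
var_dump(validateEmail('not an address') !== null);             // rejected
```

The stored value in `$users` is the only thing that goes in the database's password column; the original "dog" is never written anywhere.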
