SitePoint.com

zeeshanhashmi · Jan 3, 2006, 09:41

Hi Masters,

Hi Shiflett, PaulyG, Rodney H

At this time, i really need your helps. I m making mu univeristy project on Rental Property. Guest can only search, member can view the details of property and post their requirements, landlords can post their properties. I also want this website to be online (apart from the project.). I m a bit confused how to make a good Login page. One thing is clear that i should not go for the maximum security. But in future my plan is to market the website in UK, Australia, USA, and other ountries to atract visitors.
So what I want is to know WHAT SORT OF LOGIN PAGE SHOULD I CREATE ?

All i need to know in how much DETAIL i should go as far as the SECURITY is concerned. The site is not initialy heavil visited, but in future i will try to put a lot of trafic on it. Therefore plesae help me. If u give me code then it will really get me to the Success. Please help ...

I wnat to use "remember me" feature.
I donot want to use PEAR.
I want to use Encrypted Passwords
I want to use Session and/or cookies
I do not want the HACKER to steal the password in any way (from the DB or through JAVASCRIPT or whatever)
I want that if a user put 3 consucative wrong logins, it should block the User and email the administrator "that the particular user from IP...... tryng to use to enter the site but failed"

I also want to make sure that the LOGIN FORM and VALUES of EMAIL and PASSWORD is received in the Lgnprocess.php from my website. and not from some other website. like i want to check the referrer (Shiflett U give me some idea instead of this, please help with that)

I hope that u people can give me a good help. Thanks a lot or your support.

holmescreek · Jan 3, 2006, 14:33

Here are some ideas :

http://www.sitepoint.com/forums/showthread.php?t=331447

For addeded security, install a SSL certificate.

kirikintha · Jan 3, 2006, 16:45

openssl rocks!

http://www.openssl.org/

also read the sitepoint article on top php security mistakes, there is a part on bad coding for logging in and sql insertion problems

Jan 3, 2006, 09:41	#1
zeeshanhashmi if ($zee == "Guru") { $zee--;} Join Date: Nov 2005 Location: Karachi - Pakistan Posts: 1,005	Held Needed for Login Hi Masters, Hi Shiflett, PaulyG, Rodney H At this time, i really need your helps. I m making mu univeristy project on Rental Property. Guest can only search, member can view the details of property and post their requirements, landlords can post their properties. I also want this website to be online (apart from the project.). I m a bit confused how to make a good Login page. One thing is clear that i should not go for the maximum security. But in future my plan is to market the website in UK, Australia, USA, and other ountries to atract visitors. So what I want is to know WHAT SORT OF LOGIN PAGE SHOULD I CREATE ? All i need to know in how much DETAIL i should go as far as the SECURITY is concerned. The site is not initialy heavil visited, but in future i will try to put a lot of trafic on it. Therefore plesae help me. If u give me code then it will really get me to the Success. Please help ... I wnat to use "remember me" feature. I donot want to use PEAR. I want to use Encrypted Passwords I want to use Session and/or cookies I do not want the HACKER to steal the password in any way (from the DB or through JAVASCRIPT or whatever) I want that if a user put 3 consucative wrong logins, it should block the User and email the administrator "that the particular user from IP...... tryng to use to enter the site but failed" I also want to make sure that the LOGIN FORM and VALUES of EMAIL and PASSWORD is received in the Lgnprocess.php from my website. and not from some other website. like i want to check the referrer (Shiflett U give me some idea instead of this, please help with that) I hope that u people can give me a good help. Thanks a lot or your support. Last edited by zeeshanhashmi; Jan 3, 2006 at 09:48. Reason: Missed

Thread Tools
Show Printable Version Email this Page
Display Modes
Switch to Linear Mode Hybrid Mode Switch to Threaded Mode

Jan 3, 2006, 14:33	#2
holmescreek SitePoint Wizard Join Date: Mar 2001 Location: Northwest Florida Posts: 1,705	Here are some ideas : http://www.sitepoint.com/forums/showthread.php?t=331447 For addeded security, install a SSL certificate.

Jan 3, 2006, 16:45	#3
kirikintha SitePoint Addict Join Date: Nov 2004 Location: Boulder, CO Posts: 290	openssl rocks! http://www.openssl.org/ also read the sitepoint article on top php security mistakes, there is a part on bad coding for logging in and sql insertion problems