June 24, 2013 at 2:22 pm #45799
cssmann
Participant
I want to make my own login system on my webpage in PHP and with MySQL. I have two questions.
* How can I make a secure database connection in PHP to MySQL, because I don’t want people to see my database information? :-D
* Is it possible for other people to download PHP files from the URL address? :-D
Thanks in advance ;-)
June 24, 2013 at 2:59 pm #140118
Alen
Participant
http://net.tutsplus.com/tutorials/php/php-database-access-are-you-doing-it-correctly/
> Is it possible for other people to download php files
No, PHP is a server-side scripting language… which means it gets processed on the server and only HTML gets returned to your browser.
June 24, 2013 at 3:07 pm #140119
cssmann
Participant
ARGGHH, that was very useful information!! You helped me a lot. THANKS ;-)
June 24, 2013 at 4:57 pm #140138
Kitty Giraudel
Participant
I recommend against doing your own script. Let me tell you this straight ahead: you won’t succeed. In the best scenario, you will have a poorly secured PHP login system.
Data security and cryptography are quite complicated topics and most importantly, well, important ones. You can’t afford screwing things up; you have to be sure.
I highly recommend you use a PBKDF2 (1k+ running) function along with some sha256 or sha512 if you can afford it: https://defuse.ca/php-pbkdf2.htm. Also you should read this: http://crackstation.net/hashing-security.htm.
June 24, 2013 at 6:07 pm #140158
__
Participant
[Check This Out](http://php.net/password). There is a working userland implementation now – you can [download it from GitHub](https://github.com/ircmaxell/password_compat).
You’ll still need to do the work of storing/retrieving the hash, but that’s a cakewalk by comparison.
Overall, however, @HugoGiraudel is right: using a proven, pre-existing solution is almost always a “better plan.”
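An added example, not part of the original thread, of the storing and retrieving step the post above mentions, built on the `password_hash()` family documented at php.net/password. It assumes PHP 7 or later with the pdo_sqlite extension; the `users` table, the function names and the sample account are hypothetical.

```php
<?php
declare(strict_types=1);

// In-memory SQLite keeps the example runnable offline. For MySQL, use a
// "mysql:host=...;dbname=..." DSN with credentials kept outside the web root.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    username VARCHAR(64) PRIMARY KEY,
    password_hash VARCHAR(255) NOT NULL)');

// Hash verified for unknown usernames so both failure paths do similar work.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

function register_user(PDO $pdo, string $username, string $password): void
{
    // password_hash() generates the salt and embeds it, with the algorithm
    // and cost, in the returned string; only that string is stored.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

function check_login(PDO $pdo, string $username, string $password): bool
{
    // Prepared statement: the username is bound, never concatenated into SQL.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        password_verify($password, DUMMY_HASH);
        return false;
    }
    if (!password_verify($password, $hash)) {
        return false;
    }
    // Re-hash on successful login when the default algorithm or cost has changed.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET password_hash = ? WHERE username = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $username]);
    }
    return true;
}

// Constructed sample account and attempts.
register_user($pdo, 'alice', 'correct horse battery staple');
var_dump(check_login($pdo, 'alice', 'correct horse battery staple'));
var_dump(check_login($pdo, 'alice', 'wrong guess'));
var_dump(check_login($pdo, 'nobody', 'wrong guess'));
```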
June 25, 2013 at 4:02 am #140244
cssmann
Participant
Thanks for all your replies and help ;-)
June 25, 2013 at 2:14 pm #140332
AWKM
Participant
Should get to your local bookstore and search for PHP/MySQL books by Larry Ullman. Recent revisions should have just what you need.
June 25, 2013 at 3:19 pm #140360
cssmann
Participant
I will do that, thanks for your help ;-)
June 26, 2013 at 10:45 am #140535
chadburrows
Member
I agree with @HugoGiraudel. I too prefer to use prebuilt software wherever possible. To that end, I don’t remember what I was doing, but I ran into this recently:
http://barebonescms.com/documentation/sso/
It was a little weird to set up in my testing environment, but it only took me a few hours and I had a fully functional login system by carefully following the guide. The author clearly knows what they are doing and I can see myself using it for a number of projects I’m working on. Would have taken me months to create anything even close to it and my solution would have probably been riddled with security holes.
- The forum ‘Back End’ is closed to new topics and replies.