- This topic is empty.
June 24, 2013 at 2:22 pm #45799
I want to make my own login system on my webpage in php and with myqsl. I have two questions.
* How can i make a secure database connexion in php to mysql, because i don’t want people to se my database information? :-D
* Is it possible for other people to download php files from the url address? :-D
thanks in advance ;-)June 24, 2013 at 2:59 pm #140118AlenParticipant
> Is it possible for other people to download php files
No, PHP is server side scripting language… which means it gets processed on the server and only HTML gets returned to your browser.June 24, 2013 at 3:07 pm #140119
ARGGHH, that was very usefull information!! you helped me a lot. THANKS ;-)June 24, 2013 at 4:57 pm #140138Kitty GiraudelParticipant
I recommand against doing your own script. Let me tell you this straight ahead: you won’t succeed. In the best scenario, you will have a poorly secured PHP login system.
Data security and cryptography are quite complicated topics and most importantly, well, important ones. You can’t afford screwing things up; you have to be sure.
I highly recommand you use a PBKDF2 (1k+ running) function along with some sha256 or sha512 if you can afford it: https://defuse.ca/php-pbkdf2.htm. Also you should read this: http://crackstation.net/hashing-security.htm.June 24, 2013 at 6:07 pm #140158__Participant
You’ll still need to do the work of storing/retrieving the hash, but that’s a cakewalk by comparison.
Overall, however, @HugoGiraudel is right: using a proven, pre-existing solution is almost always a “better plan.”June 25, 2013 at 4:02 am #140244
Thanks for all your reply and help ;-)June 25, 2013 at 2:14 pm #140332AWKMParticipant
Should get to your local bookstore and search for PHP/MySQL books by Larry Ullman. Recent revisions should have just what you need.June 25, 2013 at 3:19 pm #140360
I will do that, thanks for your help ;-)June 26, 2013 at 10:45 am #140535chadburrowsMember
I agree with @HugoGiraudel. I too prefer to use prebuilt software wherever possible. To that end, I don’t remember what I was doing, but I ran into this recently:
It was a little weird to set up in my testing environment, but it only took me a few hours and I had a fully functional login system by carefully following the guide. The author clearly knows what they are doing and I can see myself using it for a number of projects I’m working on. Would have taken me months to create anything even close to it and my solution would have probably been riddled with security holes.
- The forum ‘Back End’ is closed to new topics and replies.