[PHP] Secure Logins?
#1
How exactly should login data be handled other than mysql_escape_string, what parts need to be stored in cookies, etc.?
Reply
#2
It really depends on the script. If it's a forum, then it's something, if it's a user panel, it's another thing.
Reply
#3
store the username and some sort of session key that expires every X minutes and only works if the current ip matches last login ip.
Reply
#4
(08-26-2010, 09:44 AM)Iarkey Wrote: store the username and some sort of session key that expires every X minutes and only works if the current ip matches last login ip.

Use a cookie.

in the log in block put this
PHP Code:
$x = 3600; // time to expire, in seconds
setcookie("IP", $_SERVER['REMOTE_ADDR'], time() + $x);

you can check if they match by doing this
PHP Code:
if($_COOKIE['IP'] == $_SERVER['REMOTE_ADDR']){
//do stuff
}else
die(); 
(11-23-2010, 08:40 PM)Guest Wrote: Alright, did the 'Support' get removed from SupportForums?
You're not a good Emotional Helper.
Reply
#5
(08-26-2010, 01:49 PM)Proof Wrote: Use a cookie.

in the log in block put this
PHP Code:
$x = 3600; // time to expire, in seconds
setcookie("IP", $_SERVER['REMOTE_ADDR'], time() + $x);

you can check if they match by doing this
PHP Code:
if($_COOKIE['IP'] == $_SERVER['REMOTE_ADDR']){
//do stuff
}else
die(); 
Then someone can just steal the cookie D:
Reply
#6
(08-26-2010, 03:24 PM)Iarkey Wrote: Then someone can just steal the cookie D:

You can steal a session if you're on the same server... I think it goes the same for a cookie. You can also add more parameters to it.
Reply
#7
(08-26-2010, 03:52 PM)Proof Wrote: You can steal a session if you're on the same server... I think it goes the same for a cookie. You can also add more parameters to it.
you want to check the client uses the same ip as the one you assigned the cookie to.
Reply
#8
(08-26-2010, 04:15 PM)Iarkey Wrote: you want to check the client uses the same ip as the one you assigned the cookie to.

Either I'm not understanding you or you didn't read it..

PHP Code:
if($_COOKIE['IP'] == $_SERVER['REMOTE_ADDR']){
//do stuff
}else
die(); 
Reply
#9
(08-26-2010, 05:30 PM)Proof Wrote: Either I'm not understanding you or you didn't read it..

PHP Code:
if($_COOKIE['IP'] == $_SERVER['REMOTE_ADDR']){
//do stuff
}else
die(); 
wouldn't you just be able to edit the ip in the cookie to yours?
Reply
#10
(08-26-2010, 06:22 PM)Iarkey Wrote: wouldn't you just be able to edit the ip in the cookie to yours?

I guess you register a random md5 hash and then put it in the DB and check if it matches up each time a page loads.
Reply
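The approach the thread ends on (a random value kept in the database and checked on each page load, with the expiry and IP match from post #3), as an added example that is not code from any poster. It uses `random_bytes()` and SHA-256 in place of the "random md5 hash" mentioned above; the table, cookie and function names are assumptions, and an in-memory SQLite database stands in for the site's real one.

```php
<?php
declare(strict_types=1);
// Added example; table, cookie and function names are assumptions.

const SESSION_TTL = 3600; // seconds, same lifetime as $x in the thread

function db(): PDO {
    static $pdo = null;
    if ($pdo === null) {
        $pdo = new PDO('sqlite::memory:');   // stand-in for the site's real database
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $pdo->exec('CREATE TABLE sessions (token_hash TEXT PRIMARY KEY,
                    username TEXT, ip TEXT, expires INTEGER)');
    }
    return $pdo;
}

// Call after the password check succeeds. Returns the raw token for the cookie.
function start_session(string $username, string $ip): string {
    $token = bin2hex(random_bytes(32));      // CSPRNG output, nothing guessable
    db()->prepare('INSERT INTO sessions VALUES (?, ?, ?, ?)')
        ->execute([hash('sha256', $token), $username, $ip, time() + SESSION_TTL]);
    return $token;                           // only the hash is stored server-side
}

// Call on every page load. Returns the username, or null if the token is not valid.
function check_session(string $token, string $ip): ?string {
    $stmt = db()->prepare('SELECT username, ip, expires FROM sessions WHERE token_hash = ?');
    $stmt->execute([hash('sha256', $token)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int)$row['expires'] < time()) return null;
    // The IP is read from the server-side row, so editing a cookie cannot change it.
    if (!hash_equals($row['ip'], $ip)) return null;
    return $row['username'];
}

// Constructed demo values (documentation IP ranges).
$token = start_session('alice', '203.0.113.7');
// In a web request the token would be sent with:
// setcookie('sid', $token, ['expires' => time() + SESSION_TTL, 'path' => '/',
//     'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
var_dump(check_session($token, '203.0.113.7'));               // same client
var_dump(check_session($token, '198.51.100.9'));              // cookie replayed from another IP
var_dump(check_session(str_repeat('0', 64), '203.0.113.7'));  // made-up token
```

The cookie carries only the random token, so there is nothing in it a client can edit to pass the check. The IP comparison will also log out legitimate users whose address changes mid-session.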

