I have a database containing usernames and passwords… I can understand how to check if the user has entered a valid username and password when they click a login button, but how can I keep them logged in for periods of time? For example, I only have to log in to Facebook like once every 4 months. I’m assuming cookies have something to do with it? Anyone have some advice or clarity of thought to offer? I don’t want to make my users log in every time they try to view a page 🙂 haha!
Once a user enters their username and password into a form in your site, validate the username and password to be correct, and then set a $_SESSION data for the user’s id for starters. Then, on page load, check if the $_SESSION data is set or not, and if it is, the user is logged in.
Also, if you’re storing passwords, you should hash them up and salt them up and store the hashed passwords.
Some links and tutorials on Hashing
http://phpsec.org/articles/2005/password-hashing.html
http://seanmonstar.com/post/707158385/a-basic-lesson-in-password-hashing
http://net.tutsplus.com/tutorials/php/understanding-hash-functions-and-keeping-passwords-safe/
http://www.codinghorror.com/blog/2007/09/rainbow-hash-cracking.html
http://www.codinghorror.com/blog/2009/05/i-just-logged-in-as-you-how-it-happened.html (read through codinghorror.com’s stuff. Very well written)
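The flow this answer describes (verify against a stored salted hash, set the user's id in $_SESSION, check it on each page load), as an added example that is not part of the original answer. The `$users` array is constructed sample data standing in for the database, and `log_in()`, `current_user_id()` and the 30-day cookie lifetime are hypothetical names and values chosen for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data standing in for the users table. Only the salted
// hash from password_hash() is stored, never the password itself.
$users = [
    'alice' => ['id' => 1, 'hash' => password_hash('correct horse', PASSWORD_DEFAULT)],
];

// Hypothetical helper for the login form handler: returns true and marks the
// session as logged in only when the username exists and the password matches.
function log_in(array $users, string $username, string $password): bool
{
    $row = $users[$username] ?? null;
    if ($row === null || !password_verify($password, $row['hash'])) {
        return false;
    }
    // Issue a fresh session id at the privilege change so an id planted
    // before login (session fixation) is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $row['id'];
    return true;
}

// Hypothetical helper for the top of every protected page.
function current_user_id(): ?int
{
    return $_SESSION['user_id'] ?? null;
}

// Must run before any output. The 30-day cookie lifetime is an assumed value;
// the server must also keep session data that long (session.gc_maxlifetime).
session_start([
    'cookie_lifetime' => 60 * 60 * 24 * 30,
    'cookie_httponly' => true,   // not readable from JavaScript
    'cookie_secure'   => true,   // only sent over HTTPS
    'cookie_samesite' => 'Lax',
]);

$bad  = log_in($users, 'alice', 'wrong guess');
$seen = current_user_id();               // checked after the failed attempt
$good = log_in($users, 'alice', 'correct horse');

var_dump($bad, $seen, $good, current_user_id());
```

password_hash() generates and embeds a per-password salt, so no separate salt column is needed.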