Looking for a PHP login script. I’ve searched Stack Overflow and have seen a lot of posts, but can anyone recommend the best method? Also, if I want to use hashing, how do you decode the password when retrieving? My iPhone app uses the same database and currently the passwords are stored in normal text (not very secure, I know).
Also, if I implement a login page that redirects to info.php, how do you stop the user from going directly to the info.php page without logging in, Session control?
Look forward to hearing your input. Thanks very much.
This is a great tutorial on login system design. It covers all the major topics in an object oriented manner and is great for learning about the different considerations.
Decodable passwords are not as secure as they could be, but I’ve had clients insist that they be able to retrieve and change the password at will, no exceptions. So in some cases I opted to salt a base64 encoded string to store in the database, and that seems to work pretty well. A function exists to encode/decode as needed for the admin user.
Indeed, session control (and/or cookies) is the method to control access. Building it with an object oriented pattern would allow you to do that with just a line or two of code per page (or a line in a header if it’s common).
My one warning is to consider if you have a common login level or need user-level permissions. It’s significantly more work to decide after you’ve built the site that permissions-based logins are important. It can become a real monster if not planned for in the beginning.
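Added example (not the code of either poster above) showing the two pieces the question asks for in plain PHP: storing passwords with `password_hash()` and checking them with `password_verify()`, and a one-line session guard that pages like `info.php` call before rendering. A password hash is one-way, so nothing is "decoded" on retrieval; the iPhone app should send the candidate password to the server, which verifies it against the stored hash. The `users` table layout (`id`, `username`, `password_hash`), the PDO connection details and the legacy-plaintext upgrade branch are assumptions for this example.

```php
<?php
// auth.php -- added example, not from the original thread.
// Assumed schema: users(id INT, username VARCHAR, password_hash VARCHAR(255)).
declare(strict_types=1);

function db(): PDO
{
    // Assumed DSN and credentials; replace with your own.
    static $pdo = null;
    if ($pdo === null) {
        $pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app', 'secret', [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false, // real prepared statements, not string splicing
        ]);
    }
    return $pdo;
}

function start_session(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        // Cookie flags: not readable by JavaScript, HTTPS only, not sent cross-site.
        session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
        session_start();
    }
}

function register_user(string $username, string $password): void
{
    // password_hash() salts and hashes; the result cannot be decoded, only verified.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = db()->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

function login_user(string $username, string $password): bool
{
    start_session();
    $stmt = db()->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    $stored = (string) $row['password_hash'];

    if (password_verify($password, $stored)) {
        // Re-hash transparently if PHP's default algorithm or cost has moved on.
        if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
            set_hash((int) $row['id'], $password);
        }
    } elseif (hash_equals($stored, $password)) {
        // Assumed migration branch: the row still holds the old plaintext value
        // (the situation described in the question). Upgrade it on first successful login.
        set_hash((int) $row['id'], $password);
    } else {
        return false;
    }

    session_regenerate_id(true);          // new session id on privilege change (anti-fixation)
    $_SESSION['user_id'] = (int) $row['id'];
    return true;
}

function set_hash(int $userId, string $password): void
{
    $stmt = db()->prepare('UPDATE users SET password_hash = ? WHERE id = ?');
    $stmt->execute([password_hash($password, PASSWORD_DEFAULT), $userId]);
}

function logout_user(): void
{
    start_session();
    $_SESSION = [];
    session_destroy();
}

// The guard every protected page calls. Put this at the top of info.php:
//     require __DIR__ . '/auth.php';
//     require_login();
function require_login(): void
{
    start_session();
    if (empty($_SESSION['user_id'])) {
        header('Location: /login.php', true, 302);
        exit;                              // stop rendering the page body
    }
}
```

Because `require_login()` exits before any of `info.php` is emitted, typing the URL directly yields only the redirect; the page content is never sent. Verifying on the server also means the iPhone app never needs the stored secret back, which is what removes the pressure to keep passwords in a reversible form.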