Solved

Best way to make a login for an AJAX, PHP, Javascript site

Posted on 2009-05-19
2
279 Views
Last Modified: 2013-12-12
Hey guys, not sure if this question has been answered before but It's a little broad. I am looking for the best way to make a login for my site. Right now the site is all html pages that connect to javascript pages which run ajax to connect to PHP pages when needed to update the server (when on one of the users writes articles or something). Right now there is no login for the website, but I eventually think it would be good if people could make a profile and have their own little space. I think that this would require some sort of login system which runs from page to page. I don't know much about making a login system based off of sessions or if there is a way to pass session variables from PHP to javascript.

My question is, is switching all of the HTML pages to PHP and then trying to create a SESSION based login system good? Or is there some better system that currently uses AJAX, and PHP like I am using now? Could you also tell me why you think your solution is the best? Which one is easier to implement and faster to load? Also, which one will be more secure?

Thanks guys,
Rick
0
Comment
Question by:Sucao
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 27

Accepted Solution

by:
Cornelia Yoder earned 500 total points
ID: 24427852
http://php-login-system.com/  

This is a customizable login system that some interns of mine developed.  It can be embedded into any mysql-based system.  I'd be delighted to have a beta-test of it.

The website and paypal part is still under development, but the actual code is ready.  If you would like to try it out, use the Contact Us.
0
 
LVL 31

Expert Comment

by:Frosty555
ID: 24428492
You will need to use PHP sessions at one point or another. But you may be able to just set and check the session var in your existing PHP pages (the ones called via ajax). Have those PHP pages deny access if the user isn't logged in, and then have error handlers on the html pages to handle those events.

If you have trouble getting the sessions to register on your pages, you may need to rename all your pages from .html to .php, and register the session in them. But no further code changes should really be necessary.

Don't try to implement the login code in javascript on the client side. It must be the PHP side that decides whether sensitive data makes its way to the client. Once its on the client side, no amount of javascript can really protect it. It's not secure to implement login or access restrictions on the client side.
0

Featured Post

Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Read about why it is more lucrative for an IT company to participate in government projects.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question