login php

Hi, I am about to code the login area and register area on my site where users can log in, and it would be nice to have one similar to the one Experts Exchange has, the blue version.

Now I have been reading some PHP scripts, but I was wondering if anyone has coded a more secure login than the ones on the net, and if so, would you mind dropping it up for me? I have so much to do, as I am coding a very complicated Delphi application to work with my site at the same time, so much to do :)

Running Windows Web Server 2008 on my dedicated server, and MySQL.

What do you mean by "more secure"? What login script do you have and what security flaw do you see in it?
966Author Commented:
Just the ones free on the net, but they are all like posted in 2003 and 05, and my site will get well tested and I must make sure I have the best possible login and register section to withstand SQL injection etc.
There is really nothing to it so you should be fine.

Make sure you never trust user input and you'll be just fine. PHP has ways of doing this for you. For example, if you are accepting user data and are using MySQL you can use a function called mysql_real_escape_string() to filter stuff out. (see example code).

Another way (better but more time consuming) is to use an ORM like Doctrine. It will take care of any filtering for you and will bring back objects from the database which are far easier and more flexible to use than arrays, etc.

I wrote a simple ORM myself which hasn't got nearly as many features as Doctrine but will do the job for simple stuff and is much easier to use and install.


My own home grown ORM:


// Make sure you always connect to the DB before
// using mysql_real_escape_string() so that the
// function uses the correct DB character set
$db = mysql_connect();

$safe_username = mysql_real_escape_string($_REQUEST['username']);

// Now $safe_username can be safely used inside a query and no injection can happen.
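
The same goal with bound parameters instead of escaping, as an added example that is not part of the original answer: it uses PDO prepared statements and password_hash() rather than mysql_real_escape_string(). The in-memory SQLite database, the users table and the sample account are assumptions so the script runs stand-alone (PHP 7.1+ with pdo_sqlite); for MySQL the PDO connection string and table definition would differ.

```php
<?php
// Added example, not the answerer's code: login check with bound parameters.
// Assumptions: in-memory SQLite through PDO so it runs offline; the users
// table, its columns and the sample account are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    username TEXT PRIMARY KEY,
    password_hash TEXT NOT NULL
)');
// Throwaway hash checked for unknown usernames so both paths do the same work.
define('DUMMY_HASH', password_hash('unused', PASSWORD_DEFAULT));

function register_user(PDO $pdo, string $username, string $password): void
{
    // Store only a salted hash, never the password itself.
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => password_hash($password, PASSWORD_DEFAULT)]);
}

function check_login(PDO $pdo, string $username, string $password): bool
{
    // The username travels as a bound value, so quotes in it stay data, not SQL.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();          // false when no such user exists
    $known = is_string($hash);
    $ok = password_verify($password, $known ? $hash : DUMMY_HASH);
    return $known && $ok;
}

register_user($pdo, 'alice', 'correct horse battery staple');

// Constructed inputs: a valid login, a wrong password, and a username that
// contains quote characters of the kind escaping is meant to neutralise.
$attempts = [
    ['alice', 'correct horse battery staple'],
    ['alice', 'wrong password'],
    ["alice' OR '1'='1", 'anything'],
];
foreach ($attempts as [$user, $pass]) {
    $result = check_login($pdo, $user, $pass) ? 'accepted' : 'rejected';
    printf("%-20s => %s\n", $user, $result);
}
```

Only the first attempt is accepted; the third is looked up as a literal username that does not exist.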


966Author Commented:
Got it from about.com, amazing script. I paid for one and it was useless.