
login php

Hi, I am about to code the login area and register area on my site where users can log in, and it would be nice to have one similar to the one Experts Exchange has, the blue version.

Now I have been reading some PHP scripts, but I was wondering if anyone has coded a more secure login than the ones on the net, and if so, would you mind dropping it up for me? I have so much to do as I am coding a very complicated Delphi application to work with my site at the same time, so much to do :)

Running Windows Web Server 2008 on my dedicated server, and MySQL.
poisa Commented:
What do you mean by "more secure"? What login script do you have and what security flaw do you see in it?
 
966 Author Commented:
Just the ones free on the net, but they are all like posted in 2003 and 05, and my site will get well tested, and I must make sure I have the best possible login and register section to withstand SQL injection etc.
 
poisa Commented:
There is really nothing to it so you should be fine.

Make sure you never trust user input and you'll be just fine. PHP has ways of doing this for you. For example, if you are accepting user data and are using MySQL you can use a function called mysql_real_escape_string() to filter stuff out. (see example code).

Another way (better but more time consuming) is to use an ORM like Doctrine. It will take care of any filtering for you and will bring back objects from the database which are far easier and more flexible to use than arrays, etc.

I wrote a simple ORM myself which hasn't got nearly as many features as Doctrine but will do the job for simple stuff and is much easier to use and install.

Doctrine:
http://www.doctrine-project.org/

My own home grown ORM:
http://www.julianvidal.com/code.php?id=40

<?php

// Make sure you always connect to the DB before
// using mysql_real_escape_string() so that the 
// function uses the correct DB character set
$db = mysql_connect();

$safe_username = mysql_real_escape_string($_REQUEST['username']);

// Now $safe_username can be safely used inside a query and no injection can happen.

?>

0
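An added example, not part of the original thread and not poisa's code: the login and register checks discussed above, written with PDO bound parameters and password_hash() instead of string escaping. The users table, the function names and the in-memory SQLite DSN are assumptions chosen so it runs without a database server; the mysql_* functions shown in the thread were removed in PHP 7.0.

```php
<?php
// Added example: register/login with bound parameters and hashed passwords.
// Assumptions: table, column and function names are illustrative. For MySQL,
// use a DSN such as "mysql:host=...;dbname=...;charset=utf8mb4" and set
// PDO::ATTR_EMULATE_PREPARES to false so the server binds the values.
declare(strict_types=1);

function open_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY,
        username TEXT NOT NULL UNIQUE,
        password_hash TEXT NOT NULL)');
    return $pdo;
}

function register_user(PDO $pdo, string $username, string $password): bool {
    // Validate the shape of the input first; binding still does the real work.
    if (!preg_match('/^[A-Za-z0-9_]{3,32}$/', $username) || strlen($password) < 8) {
        return false;
    }
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    try {
        // Store only a salted hash, never the password itself.
        return $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        return false; // e.g. duplicate username (UNIQUE constraint)
    }
}

function check_login(PDO $pdo, string $username, string $password): bool {
    // The username travels as a bound value, never as part of the SQL text.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn(); // false when no such user exists
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample data, for demonstration only.
$pdo = open_db();
var_dump(register_user($pdo, 'alice', 'correct horse battery'));
var_dump(check_login($pdo, 'alice', 'correct horse battery'));
var_dump(check_login($pdo, 'alice', 'wrong password'));
// A username containing quotes is compared as plain data and matches no row.
var_dump(check_login($pdo, "alice' OR '1'='1", 'anything'));
```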
 
966 Author Commented:
Got it from about.com, amazing script. I paid for one and it was useless.