Best way of implementing cookies for simple PHP login?

Discussion in 'PHP' started by JamieH, Dec 17, 2014.

  1. #1
    Hi,

    I am building a simple registration/login system with a MySQL database. Can anyone share some good resources on how to implement cookies, what's the best way of implementing a "remember me" tick box, etc.?

    Anyone know any good resources so I can learn the correct and safest way of doing this?

    Thanks
     
    JamieH, Dec 17, 2014 IP
  2. #2
    You can try reading up about PHP Sessions.

    http://php.net/manual/en/book.session.php

    General ideas:

    * Do not store critical information like passwords (even hashed) in a cookie. Only store a long, unique, randomly-generated ID which corresponds to an entry in a Session file or in a database that can be used to identify the user.
    * Hash passwords using a secure hashing algorithm (like sha256) and a "salt" (a random character string). Create a salt, concatenate it to the user's password, hash it, then store the hashed value along with the salt in the user database.

    A "remember me" box, I believe, would just set the user auth cookie with a long expiration time. Naturally, there is more. But those are the very basics.
     
    billzo, Dec 17, 2014 IP
    JamieH and PoPSiCLe like this.
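
The "random ID in the cookie, record in the database" idea from post #2, applied to a "remember me" box, as an added example that is not part of the thread. The table `remember_tokens`, the cookie name `remember`, the `selector:validator` split and the 30-day lifetime are assumptions; it needs PHP 7.3+ and, for the demo lines only, the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Hypothetical table for this example (SQLite syntax; adapt the types for MySQL).
const SCHEMA = 'CREATE TABLE remember_tokens (selector TEXT PRIMARY KEY,
    validator_hash TEXT NOT NULL, user_id INTEGER NOT NULL, expires_at INTEGER NOT NULL)';
const LIFETIME = 60 * 60 * 24 * 30; // assumed "remember me" lifetime: 30 days

// Create a random token, store only its hash, return the value for the cookie.
function issueRememberToken(PDO $db, int $userId): string
{
    $selector  = bin2hex(random_bytes(9));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret half, never stored in clear
    $db->prepare('INSERT INTO remember_tokens VALUES (?, ?, ?, ?)')
       ->execute([$selector, hash('sha256', $validator), $userId, time() + LIFETIME]);
    return $selector . ':' . $validator;
}

// Return the user id for a valid cookie value, or null. Tokens are single use:
// after a successful login the caller issues a fresh token and cookie.
function consumeRememberToken(PDO $db, string $cookie): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) { return null; }
    $stmt = $db->prepare(
        'SELECT validator_hash, user_id, expires_at FROM remember_tokens WHERE selector = ?');
    $stmt->execute([$parts[0]]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) { return null; }
    // Retire the row on every lookup, so a wrong validator cannot be retried.
    $db->prepare('DELETE FROM remember_tokens WHERE selector = ?')->execute([$parts[0]]);
    $ok = hash_equals($row['validator_hash'], hash('sha256', $parts[1]))
        && (int) $row['expires_at'] >= time();
    return $ok ? (int) $row['user_id'] : null;
}

// Cookie flags: HTTPS only, hidden from JavaScript, SameSite=Lax.
function sendRememberCookie(string $value): void
{
    setcookie('remember', $value, ['expires' => time() + LIFETIME, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
}

// Constructed demo: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->exec(SCHEMA);
$cookie = issueRememberToken($db, 42);
var_dump(consumeRememberToken($db, $cookie), consumeRememberToken($db, $cookie));
```

A plain SHA-256 of the validator is enough here because the validator is 256 random bits. Passwords are not, and PHP's built-in `password_hash()` and `password_verify()` handle salting and slow hashing for them.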
  3. #3
    Don't reinvent the wheel. Use a CMS or framework that has this built in. It'll save you time and energy in other areas too, I bet.
     
    sarahk, Dec 17, 2014 IP
    JamieH likes this.
  4. #4
    Thanks for the information, I'll take a look. :)

    Thanks for the reply, is there one in mind that you would recommend?

    Thanks for the responses.

    Jamie
     
    JamieH, Dec 17, 2014 IP
  5. #5
    That depends on what else you need the site to do.

    I have one major client that has their site built on cakePHP because the initial requirement wasn't content focussed and was more like a CRM.

    All of my others use WordPress because, despite the negative feedback that you'll get from some users here, you get a huge amount of functionality for $0. There are loads of themes and plugins that you can get for free or buy and it's relatively easy to write your own because their system is well documented.
     
    sarahk, Dec 17, 2014 IP
  6. #6
    WordPress is a pretty good system to use as a basis, but it has a lot of quirks and poor security out-of-the-box, which might allow unsafe plugins and/or exploits. That doesn't mean you shouldn't use it, it just means that you should read up a bit on "wordpress security" if you do.
     
    PoPSiCLe, Dec 17, 2014 IP