Hi, I am building a simple registration/login system with a MySQL database. Can anyone share some good resources on how to implement cookies, what's the best way of implementing a "remember me" tick box, etc.? Anyone know any good resources so I can learn the correct and safest way of doing this? Thanks
You can try reading up about PHP Sessions. http://php.net/manual/en/book.session.php

General ideas:

* Do not store critical information like passwords (even hashed) in a cookie. Only store a long, unique, randomly-generated ID which corresponds to an entry in a Session file or in a database that can be used to identify the user.
* Hash passwords using a secure hashing algorithm (like sha256) and a "salt" (a random character string). Create a salt, concatenate it to the user's password, hash it, then store the hashed value along with the salt in the user database.

A "remember me" box, I believe, would just set the user auth cookie with a long expiration time.

Naturally, there is more. But those are the very basics.
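The random-ID cookie described in the reply above, as an added example that is not part of any post in this thread: the cookie carries only a random token, and the database row that identifies the user stores the token's SHA-256 hash plus an expiry, which goes one step beyond the reply so that a leaked table cannot be replayed as cookies. The table, column and cookie names are assumptions, and in-memory SQLite stands in for MySQL so the script runs on its own.

```php
<?php
declare(strict_types=1);
// Added example. Table, column and cookie names are assumptions for illustration.
const COOKIE_NAME = 'remember_me';
const LIFETIME = 60 * 60 * 24 * 30; // 30 days: the "long expiration time"

function createSchema(PDO $db): void {
    $db->exec('CREATE TABLE auth_tokens (
        token_hash CHAR(64) PRIMARY KEY, user_id INTEGER NOT NULL, expires_at INTEGER NOT NULL)');
}

// Issue a token: the browser gets the random value, the database only its SHA-256.
function issueToken(PDO $db, int $userId): string {
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $stmt = $db->prepare('INSERT INTO auth_tokens (token_hash, user_id, expires_at) VALUES (?, ?, ?)');
    $stmt->execute([hash('sha256', $token), $userId, time() + LIFETIME]);
    return $token;
}

// Send the token to the browser; not readable from JavaScript, HTTPS only.
function sendCookie(string $token): void {
    setcookie(COOKIE_NAME, $token, [
        'expires' => time() + LIFETIME, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}

// Resolve a presented cookie value to a user id, or null if unknown or expired.
function userFromToken(PDO $db, string $token): ?int {
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) { return null; }
    $stmt = $db->prepare('SELECT user_id FROM auth_tokens WHERE token_hash = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $token), time()]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Call on logout so the cookie value stops working server-side.
function revokeToken(PDO $db, string $token): void {
    $db->prepare('DELETE FROM auth_tokens WHERE token_hash = ?')->execute([hash('sha256', $token)]);
}

// Constructed demo: user id 42 and the all-zero token are made-up sample values.
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    createSchema($db);
    $token = issueToken($db, 42);
    var_dump(userFromToken($db, $token));              // issued token
    var_dump(userFromToken($db, str_repeat('0', 64))); // token never issued
    revokeToken($db, $token);
    var_dump(userFromToken($db, $token));              // after logout
}
```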
Don't reinvent the wheel. Use a CMS or framework that has this built in. It'll save you time and energy in other areas too, I bet.
Thanks for the information, I'll take a look.

Thanks for the reply, is there one in mind that you would recommend?

Thanks for the responses.
Jamie
That depends on what else you need the site to do. I have one major client that has their site built on CakePHP because the initial requirement wasn't content focussed and was more like a CRM. All of my others use WordPress because, despite the negative feedback that you'll get from some users here, you get a huge amount of functionality for $0. There are loads of themes and plugins that you can get for free or buy, and it's relatively easy to write your own because their system is well documented.
WordPress is a pretty good system to use as a basis, but it has a lot of quirks and poor security out-of-the-box, which might allow unsafe plugins and/or exploits. That doesn't mean you shouldn't use it; it just means that you should read up a bit on "wordpress security" if you do.