Best and faster way of creating secure user login for clients?

Discussion in 'PHP' started by Marketing Mall, Mar 2, 2014.

  1. #1
    Hello..
    I already coded this example: http://www.phpeasystep.com/phptu/6.html
    I know exactly how I can create a user login from scratch. But that uses the deprecated mysql functions. Also mysqli is now deprecated. I could use PDO, but maybe I can do something else.
    Please don't include user codecanyon user login management.
    What I need to know is if this can be done with fewer lines of code without using frameworks.
     
    Marketing Mall, Mar 2, 2014
  2. PoPSiCLe

    #2
    A login system doesn't really need to take that many lines of code, but usually you want to include error-checking, reporting back to the user, and maybe also a way to get a password reset if the user forgets the password etc. All this builds up a bit of code lines - but then, lines of code aren't necessarily bad, as long as they all serve a function.
    Besides - mysqli_ is NOT deprecated. Not sure where you got that notion, but it's false.
    You need a form for login, username/password, and a processing-file (if you don't do that in the same file, which of course is perfectly possible)
    You also need a db-backend for storing username/password (hashed, salted) and other needed stuff.
    Then you can add other functionality as you go along.

    The tutorial you pointed to is garbage, btw. The code is crap. Tables to set up a form? No. Using mysql_? No. Adding ob_start() and ob_flush() for PHP5? Why? Pointing to "encrypting" the password? No. You do NOT encrypt a password. You one-way-hash a password. Encryption can be reversed - hashing "can't" - as long as it's properly done. Besides, there are plenty of better ways to create a hashed password in newer versions of PHP.

    Forget what you're looking at, find a better tutorial.
     
    PoPSiCLe, Mar 2, 2014
  3. Nigel Lew

    #3
    I would offload some responsibility and go OAuth or just let folks log in with social accounts.

    will go flesh the relevant code bits in a sec.
    N.
     
    Nigel Lew, Mar 2, 2014
  4. Marketing Mall

    #4
    Thanks for responses!
    By OAuth you mean the function? http://us2.php.net/oauth
    I found this Auth: http://hybridauth.sourceforge.net/
    I guess that should work on what I want.

    So it's just taking care of sessions and preventing SQLi injection, right?
    Let me know what you think guys.
     
    Marketing Mall, Mar 3, 2014
  5. Nigel Lew

    #5
    Yep, you got it. It's hard to avoid a lib entirely but it seems to me you kill a few birds with one stone by letting folks log in with Facebook, Twitter, Google, what have you and not even really capture that stuff.

    Nigel
     
    Nigel Lew, Mar 3, 2014
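
For readers who do build the login themselves, the points raised in posts #2 and #4 (one-way salted hashing, SQL injection, sessions) fit in a short framework-free script. This is an added example, not code from any poster in the thread; the table, column and function names are assumptions, and it uses an in-memory SQLite database through PDO (needs the pdo_sqlite extension) so that it runs stand-alone.

```php
<?php
// Added example; table, column and function names are assumptions.
declare(strict_types=1);
// Verified against when the username is unknown, so both paths do hashing work.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

function openDb(): PDO {
    // In-memory SQLite keeps this self-contained; use your MySQL DSN in practice.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL, pw_hash TEXT NOT NULL)');
    return $db;
}

function register(PDO $db, string $username, string $password): void {
    // password_hash() picks a random salt and stores it inside the returned string.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => $hash]);
}

function login(PDO $db, string $username, string $password): ?int {
    // Bound parameter: the submitted username never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT id, pw_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $hash = $row ? $row['pw_hash'] : DUMMY_HASH;
    if (!password_verify($password, $hash) || !$row) {
        return null; // same answer for unknown user and wrong password
    }
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET pw_hash = :h WHERE id = :id');
        $upd->execute([':h' => password_hash($password, PASSWORD_DEFAULT), ':id' => $row['id']]);
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session ID after login (session fixation)
        $_SESSION['user_id'] = (int) $row['id'];
    }
    return (int) $row['id'];
}

// Constructed inputs: a valid login, a wrong password, a quote-laden username.
$db = openDb();
register($db, 'alice', 'correct horse battery staple');
var_dump(login($db, 'alice', 'correct horse battery staple'));
var_dump(login($db, 'alice', 'wrong password'));
var_dump(login($db, "alice' OR '1'='1", 'x'));
```

In a real page, call `session_start()` before `login()` and serve the form over HTTPS.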