How to securely manage user accounts?

Discussion in 'PHP' started by RFlame, Mar 14, 2009.

  1. #1
    Hi, I have a website idea that would involve member registrations and an account login for (the usual to become a member of a site).
    What I am wondering is:
    (1) How do I securely log someone in?
    (2) How do I display information specific to someone's account? (ex. every user has some amount of points, how would I display the right value for the right person)

    I'm assuming this involves MySQL databases, which isn't a problem. I just want it to be secure and professional, help?
     
    RFlame, Mar 14, 2009 IP
  2. DrennanSoftware

    #2
    To securely log someone in, use sessions, and you can encrypt their passwords. A quick Google could help you get more information on that. To display information from someone's account, use something like this:

    
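    // $db is assumed to be an open mysqli connection.
    // Bound parameters keep the session values out of the SQL text.
    $stmt = $db->prepare("select * from accounts where name=? and pass=?");
    $stmt->bind_param("ss", $_SESSION['username'], $_SESSION['password']);
    $stmt->execute();
    $result = $stmt->get_result();
    while ($row = $result->fetch_assoc())
    {
             $Points = $row["points"];
             // Escape on output in case the column ever holds non-numeric text.
             echo "You have " . htmlspecialchars($Points) . " points!";
    }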
    
    Code (markup):
     
    DrennanSoftware, Mar 14, 2009 IP
  3. ads2help

    #3
    One of the basic tips is:

    Don't store the passwords in their real form. Encrypt them using, e.g., md5()

    This applies to passwords in cookies / MySQL database.

    - ads2help
     
    ads2help, Mar 14, 2009 IP
  4. jazzcho

    #4
    Secure is a broad sense. It relies on what your threat model is. For simple sites, just don't display them and make sure you do not have SQL injection errors.
     
    jazzcho, Mar 27, 2009 IP
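
The points raised across this thread (sessions, password storage, SQL injection) put together as an added example that is not code from any of the posters. It assumes a constructed `accounts` schema and sample user, uses PHP's built-in `password_hash()` / `password_verify()` for password storage, and runs against an in-memory SQLite database through PDO so it works offline (with MySQL only the DSN changes); `$session` stands in for `$_SESSION`.

```php
<?php
// Added example: the schema, user name, password and points are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pass_hash TEXT, points INTEGER)');

// Registration: store a salted, deliberately slow hash, never the password itself.
function register(PDO $db, string $name, string $password, int $points = 0): void
{
    $stmt = $db->prepare('INSERT INTO accounts (name, pass_hash, points) VALUES (?, ?, ?)');
    $stmt->execute([$name, password_hash($password, PASSWORD_DEFAULT), $points]);
}

// Login: returns the account id on success, null on any failure.
function login(PDO $db, string $name, string $password): ?int
{
    $stmt = $db->prepare('SELECT id, pass_hash FROM accounts WHERE name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pass_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Per-user data is looked up by the id kept in the session, so the
// password never has to live in the session or be sent to the database again.
function pointsFor(PDO $db, int $userId): ?int
{
    $stmt = $db->prepare('SELECT points FROM accounts WHERE id = ?');
    $stmt->execute([$userId]);
    $points = $stmt->fetchColumn();
    return $points === false ? null : (int) $points;
}

register($db, 'alice', 'correct horse battery staple', 120);

$session = [];   // stands in for $_SESSION; in a web request call session_start() first
$userId = login($db, 'alice', 'correct horse battery staple');
if ($userId !== null) {
    // In a web request, call session_regenerate_id(true) here so a pre-login session id is not reused.
    $session['user_id'] = $userId;
    echo 'You have ' . pointsFor($db, $session['user_id']) . " points!\n";
}

// Bound parameters treat quotes in the name as data, so this login just fails.
var_dump(login($db, "alice' OR '1'='1", 'x'));
```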