Hi, I have a website idea that would involve member registrations and an account login for (the usual to become a member of a site). What I am wondering is: (1) How do I securely log someone in? (2) How do I display information specific to someone's account? (ex. every user has some amount of points, how would I display the right value for the right person) I'm assuming this involves MySQL databases, which isn't a problem. I just want to to be secure and professional, help?
To securely log someone in use sessions and you can encrypt their passwords. A quick Google could help you get more information on that. To display information from someones account use something like this: $sql = "select * from accounts where name='$_SESSION[username]' and pass='$_SESSION[password]'"; $result = mysql_query ($sql); while ($row = mysql_fetch_array($result)) { $Points = $row["points"]; echo "You have $Points points!"; } Code (markup):
One of the basic tips is : Don't store the passwords in their real form. Encrypt it using, eg: md5() This applies for passwords in cookies / mysql database. - ads2help
Secure is a broad sense. It relies on what your thret model is. For simple sites, just don 't display them and make sure you do not have sql injection errors.