nadeemshafi9 Posted November 13, 2008

Hi guys,

Just wanted to ask what is the best hack-proof way of authenticating a user. I have a few ideas:

1. Use a session "user is authenticated" flag to say the user is authenticated.
2. Use a hashed timestamp and insert it into the user's record and into a session variable, and compare them whilst the user surfs.
3. Store the hashed pwd and username in a session variable and log in the user each time on every page; this would mean last login time would be hard to get.

Any suggestions please, thanks.

runnerjp Posted November 13, 2008

http://www.tutorialized.com/tutorials/PHP/User-Authentication/1

nadeemshafi9 Posted November 13, 2008

> http://www.tutorialized.com/tutorials/PHP/User-Authentication/1

I looked at them and although they point out some nice tips, they don't really discuss a theoretical system. My aim is to not allow the hacker to exploit the session variables.

limitphp Posted November 13, 2008

I'm pretty new to trying to secure logins and stuff, but from listening to everyone on this forum, here's what I do.

When they log in without clicking "remember me", I store a uniqueID in a cookie set for about 25 minutes. I then store that same uniqueID in a table along with their userID and an expiration date. On any page where they need to be authenticated, I check for the uniqueID in the cookie; if it's there, I get their user info from the userID in the table.

When they log in and click "remember me", same thing, only the cookie is set for about 30 days.

I figure I will delete all entries in the table every day where the expiration date expired.

Like I said, I'm not super good at this stuff yet, but this seems like a secure system to me.
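
The scheme limitphp describes above (a random ID in a cookie, matched against a table row holding the user ID and an expiry), as an added example that is not part of the thread. The table name `auth_tokens`, the function names and the sample values are assumptions, and storing a SHA-256 hash of the ID rather than the ID itself is an addition to what the post describes.

```php
<?php
declare(strict_types=1);
// Hypothetical schema and names; in-memory SQLite keeps the example self-contained.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE auth_tokens (token_hash TEXT PRIMARY KEY,
           user_id INTEGER NOT NULL, expires_at INTEGER NOT NULL)');

// Issue an ID at login: 25 minutes normally, 30 days with "remember me".
function issueToken(PDO $db, int $userId, bool $remember, int $now): string
{
    $token = bin2hex(random_bytes(32));            // unguessable value from the CSPRNG
    $ttl   = $remember ? 30 * 86400 : 25 * 60;
    $stmt  = $db->prepare('INSERT INTO auth_tokens (token_hash, user_id, expires_at)
                           VALUES (?, ?, ?)');
    // Store only a hash, so a leaked table does not hand out usable cookies.
    $stmt->execute([hash('sha256', $token), $userId, $now + $ttl]);
    return $token;                                 // the caller puts this in the cookie
}

// Resolve a cookie value to a user ID, or null if it is unknown or expired.
function userForToken(PDO $db, string $cookieValue, int $now): ?int
{
    $stmt = $db->prepare('SELECT user_id FROM auth_tokens
                          WHERE token_hash = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $cookieValue), $now]);
    $userId = $stmt->fetchColumn();
    return $userId === false ? null : (int) $userId;
}

// Daily cleanup of rows whose expiration date has passed; returns rows deleted.
function purgeExpired(PDO $db, int $now): int
{
    $stmt = $db->prepare('DELETE FROM auth_tokens WHERE expires_at <= ?');
    $stmt->execute([$now]);
    return $stmt->rowCount();
}

$now   = 1226534400;                               // constructed "current time"
$token = issueToken($db, 42, false, $now);         // constructed user ID
var_dump(userForToken($db, $token, $now + 60));        // lookup inside the 25 minutes
var_dump(userForToken($db, $token, $now + 26 * 60));   // lookup after expiry
var_dump(userForToken($db, 'guessed-value', $now));    // value that was never issued
var_dump(purgeExpired($db, $now + 26 * 60));           // cleanup after expiry
```

In a real request the returned value would be sent with `setcookie()` using the `secure` and `httponly` options, and the expiry check stays on the server because the cookie's own lifetime is controlled by the client.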

revraz Posted November 13, 2008

Sessions are pretty tough to hack out. Search for "session security" for PHP.