Jump to content


User Authenication System (Design) (How did you do yours?)

  • Please log in to reply
3 replies to this topic

#1 Drezard

  • Members
  • PipPipPip
  • Advanced Member
  • 244 posts

Posted 21 October 2006 - 08:08 AM

I want to make a User Authenication System, (You know, Login/Logout sort of thing). Im not sure how to do it though... Is it better to use cookies or sessions? Can someone give me an idea. I tried making one before but i failed miseriable.

Thanks, Daniel

#2 manichean

  • Members
  • PipPip
  • Member
  • 29 posts

Posted 21 October 2006 - 08:43 AM

The best information I can give you without going into a massive explanation is pointing you to PEAR, if you dont know about it you do now.

For an explanation of what PEAR is check this link
Visit : http://pear.php.net/

You will be particualrly interested in the packages list. Go there and check the Authentication package
Visit : http://pear.php.net/...=Authentication

This should help you on your way

#3 Drezard

  • Members
  • PipPipPip
  • Advanced Member
  • 244 posts

Posted 21 October 2006 - 09:10 AM

I just need these questions answered then:

[A] When a user logs in do you create a cookie for the username and password? Or just one?

[B] When a user logs in how exaclty does the script go?

- Thanks, Daniel

#4 swap

  • New Members
  • Pip
  • Newbie
  • 3 posts

Posted 21 October 2006 - 09:59 AM

It's p[retty simple,

there are  a few options,

when you login;
1.) the script creates a $_SESSION value that will be checked every page the user requests.
    if the $_SESSION value isn't found, the page will not be opened. (the user will be redirected.)
    A session can either result in a cookie or some header code.

2.) The script inserts a value to the databse, and uses the url, some hidden value or a cookie to let the user pass the value back to the script.
    If the value for that ip matches the value from the database, it passes the validation.
    Some problems occur when more then one user logsin from the same ip.
    Solutions are there, just an example.
*)  lots of other options.

just make sure login pages are going trough ssl and you're safe to go.


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users