The Little Guy Posted June 4, 2007
If I were to have people log on to email sites such as gmail, would it be best to store their login and password as a cookie on their computer, or encrypted in my database, then decrypt it when they log on to my site so it automatically logs them in to gmail?

Caesar Posted June 4, 2007
I would use sessions...but that's just me.

The Little Guy Posted June 4, 2007
Me too, I just need a place to store the login and password, so it will automatically login when the user comes back.

The Little Guy Posted June 5, 2007
Bumpage.

mmarif4u Posted June 5, 2007
To login again after 1 or 2 etc. hours or days the answer is cookies. Sessions are stored on the server; after closing the browser the sessions are destroyed. Better to use cookies for your situation.

The Little Guy Posted June 5, 2007
> To login again after 1 or 2 etc. hours or days the answer is cookies. Sessions are stored on the server; after closing the browser the sessions are destroyed. Better to use cookies for your situation.

Sorry.. This isn't about Session Vs. Cookie. It is about Session Vs. Database. Which would be a better way for instant pop3 login after they login to my site?

mmarif4u Posted June 5, 2007
Ok if u want to login ur user automatically to gmail or other from ur site when they login to ur site, it's better to store it in the db, with their details when they login to ur system a query will search for that user in the session table in db if exists he will go directly to gmail or others. Maybe it will help u, storing in db is better than sessions.

The Little Guy Posted June 5, 2007
Would you suggest that I store encrypted passwords in sessions? I know storing passwords in sessions isn't safe, but what if they are encrypted?

per1os Posted June 5, 2007
Encrypted is just fine. What I would actually do, this is just me speaking, is have a hash generated by the username + the encrypted password. IE:

<?php
$_SESSION['user_hash'] = md5($username . $encpassword);
?>

Just for further security, as most people think that the hash is just the user's password. Just remember for verification purposes you have to include the username or id in the hash part. That is actually a really good idea, I may implement that =)

trq Posted June 5, 2007
You're not going to be able to use md5 though unless gmail expects you to send them an md5'd password.

The Little Guy Posted June 5, 2007
> You're not going to be able to use md5 though unless gmail expects you to send them an md5'd password.

I didn't think md5 would work either. What if I created my own encrypt and decrypt functions, and only the passwords could be encrypted/decrypted through my website, unless you knew or have the functions to decrypt/encrypt the passwords?

per1os Posted June 5, 2007
Yea, that would work for decryption. I used to know this SHA1 decryption function a long long time ago. I have yet to ever find it again. But yea that should work if you can create the functions to do so.

EDIT: This is not the same function I used a long time ago, but maybe this will help, I would just suggest modifying it a bit so no one has the exact same code:

<?php
session_start();

// Build an IV of $iv_len bytes from mt_rand().
function get_rnd_iv($iv_len)
{
    $iv = '';
    while ($iv_len-- > 0) {
        $iv .= chr(mt_rand() & 0xff);
    }
    return $iv;
}

// XOR each 16-byte block of the padded plain text with md5() of a running IV.
// The random IV is prepended and the result is base64-encoded.
function md5_encrypt($plain_text, $password, $iv_len = 16)
{
    $plain_text .= "\x13";
    $n = strlen($plain_text);
    if ($n % 16) {
        $plain_text .= str_repeat("\0", 16 - ($n % 16));
    }
    $i = 0;
    $enc_text = get_rnd_iv($iv_len);
    $iv = substr($password ^ $enc_text, 0, 512);
    while ($i < $n) {
        $block = substr($plain_text, $i, 16) ^ pack('H*', md5($iv));
        $enc_text .= $block;
        $iv = substr($block . $iv, 0, 512) ^ $password;
        $i += 16;
    }
    return base64_encode($enc_text);
}

// Reverse of md5_encrypt(): read the IV from the front, undo the XOR block by
// block, then strip the "\x13" marker and the zero padding.
function md5_decrypt($enc_text, $password, $iv_len = 16)
{
    $enc_text = base64_decode($enc_text);
    $n = strlen($enc_text);
    $i = $iv_len;
    $plain_text = '';
    $iv = substr($password ^ substr($enc_text, 0, $iv_len), 0, 512);
    while ($i < $n) {
        $block = substr($enc_text, $i, 16);
        $plain_text .= $block ^ pack('H*', md5($iv));
        $iv = substr($block . $iv, 0, 512) ^ $password;
        $i += 16;
    }
    return preg_replace('/\\x13\\x00*$/', '', $plain_text);
}

/******************************************/
$plain_text = 'very secret string';
$password = 'very secret password';

echo "plain text is: [{$plain_text}] \n";
echo "password is: [{$password}] \n";

$enc_text = md5_encrypt($plain_text, $password);
echo "encrypted text is: [{$enc_text}] \n";

// First request stores the encrypted text in the session; later requests decrypt it.
if (!isset($_SESSION['enc'])) {
    $_SESSION['enc'] = $enc_text;
} else {
    $plain_text2 = md5_decrypt($_SESSION['enc'], $password);
    echo "decrypted text is: [{$plain_text2}] \n";
}
?>

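Added example, not code from this thread or from any of its posters: for the "encrypted in my database, then decrypt it at login" option, the stored mail password can be sealed with PHP's bundled sodium AEAD rather than a home-made MD5 routine, with the user id bound in as associated data (the "include the username or id" idea above) so a modified or copied value is rejected instead of decrypting to garbage. The function names, the inline key generation and the sample values are assumptions made for illustration.

```php
<?php
// Added example. Requires PHP 7.2+ (sodium extension is bundled).
// Assumption: in a real deployment the key is loaded from server-side
// configuration kept outside the database and the session. It is generated
// inline here only so the script runs on its own.
$key = sodium_crypto_aead_xchacha20poly1305_ietf_keygen();

// Encrypt a mail password for storage. $userId is authenticated as
// associated data, so the value only opens for the account it was made for.
function seal_mail_password(string $password, string $userId, string $key): string
{
    // Nonce comes from the OS CSPRNG and is stored in front of the ciphertext.
    $nonce = random_bytes(SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES);
    $ct = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($password, $userId, $nonce, $key);
    return base64_encode($nonce . $ct);
}

// Returns the password, or null when the stored value was modified, belongs
// to a different user id, or was sealed under a different key.
function open_mail_password(string $stored, string $userId, string $key): ?string
{
    $raw = base64_decode($stored, true);
    $n = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES;
    if ($raw === false || strlen($raw) < $n + SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_ABYTES) {
        return null;
    }
    $plain = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
        substr($raw, $n), $userId, substr($raw, 0, $n), $key
    );
    return $plain === false ? null : $plain;
}

// Constructed sample values.
$stored = seal_mail_password('very secret string', 'user:42', $key);

// Same account id as at sealing time.
var_dump(open_mail_password($stored, 'user:42', $key));

// Row copied to a different account id.
var_dump(open_mail_password($stored, 'user:43', $key));

// One bit of the stored value flipped.
$raw = base64_decode($stored);
$last = strlen($raw) - 1;
$raw[$last] = chr(ord($raw[$last]) ^ 1);
var_dump(open_mail_password(base64_encode($raw), 'user:42', $key));
```
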