Secure Place To Store Login Info And How To Login With It
I had an idea to store my login code: ftp_login... in a separate file outside of the public_html dir and set full permission (777) to it.
1. Is that safe?
2. How do I call this function from inside another file?
function Login()
{
$connection= ftp_connect('ftp.me.com');
return ftp_login($connection, "me", "pass");
}
I was hoping to return connection but I don't know how to send pointers in php.
View Complete Forum Thread with Replies
Related Forum Messages:
Where To Store Login
If I were to have people log on to email sites such as gmail, would it be best to store their login and password as a cookie on their computer, or encrypted in my database, then decrypt it when they log on to my site so it automatically logs them in to gmail?
View Replies !
Secure Login?
I've been working on my own script and I just want to make sure that this login function is secure and can't be hacked by sql injections or other methods, Code:
View Replies !
Best Way To Do A Secure Login?
i was just wondering what is the best way to do a secure login? because i have been using PHP sessions but i recently found out these are quite unsafe, even after people telling me they are quite secure. I was just wondering if anyone has a truely secure login, as with sessions, session spoofing is quite easy to do and also all session data is store in the tmp folder for anyone to read.
View Replies !
Secure Login
I want to ensure the user name and password is transmitted over a secure (SSL) connection so I have a simple login page covered by SSL. How can I then, using PHP, set the .htaccess username? Also, going the other way, if I use .htaccess authentication, how can I access the username provided? Can the .htaccess process be set up over an SSL connection?
View Replies !
Login Secure
Mysql and php. At present my login form sessions the username and password and all the pages that i want securing just check that both the username and password sessions are set (isset), if not then the page displays the login form. Is it better to check the session data against the info in the database on every page instead? (obviously using the include page)
View Replies !
Login - How Secure?
I am not very well read on security when it comes to php so I am not sure how secure the following scenario would be. With the site I am currently working on I want to have a login form. There will only be two people logging on to the site (myself and my girlfriend, although she will be loggin in very seldom I image). Instead of connecting to a database to get the username and passwords, is it safe to just have them hard coded into the php to check and see if the given values match? Its not a huge concern as it is just a site I am creating for our future wedding.
View Replies !
Secure Login Caching?
I am using the following session functions at the top of each protected page: session_cache_limiter('private'); session_start(); the problem I am having, is i find if the customer just clicks refresh, it will not update the info on the page from the database. I have to actually hold crtl and click refresh to do a complete reload of the page. Is there anyway around this? What is the best way to cache "secure" pages?
View Replies !
Looking For A Secure Login Script
I want to give people that advertise on my site a login so they can edit their own ads. For example, john_smith wants to log into his Burger_Eater restaurant account and update the menu for the week. So he opens the sponsor section of my website and is greeted by a username/password login. I could use .htpasswd password for every user but this could become quite cumbersome and I would prefer to not scare any users with popups. So I am looking for a php/mysql solution. If someone knows of a great open-source script that I could, if nothing else, study for ideas that would be very helpful. Otherwise, any tips for encrypting the password into the database and how to send the user his original password. Should I be sending passwords over email? Since, no doubt, many of you have already been through this, maybe just a link to a great tutorial or some personal tips would be enough.
View Replies !
Secure Directory Login Using Php In IE6
Hi, I'm pretty new to php. Does anyone know how to login to a secured directory using php? I can get it to work when the site visitor is using mozilla, but IE will not allow a login due to the url spoofing fix. I want to do it this way so I can disable autocomplete at the login page. code I have is as follows:
View Replies !
Secure Login System
I need a login system for some 'private' pages. Users should be pulled from a mysql DB. Now, i've read a lot on login systems, and somehow there's _always_ the discussion with sessions (hijacking), dynamic IPs/Proxies. One hand sessions on itself aren't secure (if in default tmp folder) on the other hand, validating by IP would lock out a lot of users. Now, what i wonder is, WHAT SHOULD I DO? I really don't know where to start anymore because there are so much do's and dont's on this ...
View Replies !
Secure Login Tutorial
I'm looking for a secure login script for a sort-of-community site... (PHP, MySQL, sessions, or maybe something else ... ) I know there are a lot of scripts out there, but none of them really seem secure, or have other kind of flaws (like IP based login etc.). Why i'm asking here, is because there's experience out there, and i hope experience can tell me what my best shot is. I'm aware that i will very probably have to do some consessions ... I'm not a PHP-er, but i have some PHP experience ...
View Replies !
PHP MySQL Secure Login
I have a blog. Stored on a MySQL table. I have no problems accessing the information in the database, not problems displaying it or formatting it. My question is, If I have just used the database username and password in the php in the document, could a person not simply use a download program to directly download my php file and retrieve the username and password? What's the best way about doing this securely?
View Replies !
Creating Secure Login
using php i have created (mostly - it's in working order.) a secure login script that does not use a DB. i store usernames and passwords (as well as any other peice of info) in a .php file (re-writing the file on user creation / updates). it is not very large - requires a few files to load - my question to everyone now is would anyone else be interested in this script? or am i just wasting my time trying to make a login without a db?
View Replies !
How Secure Is My Login Code?
I've recently had ppl trying to access my site by playing around with their cookies and setting $_SESSION['user'] to some random username... but my code checks both the username and password in the cookie and compares them to the row in the database on each page visited. But I just would like to know, should I make this more secure than it already is? And if so, how. Or is it enough to keep ppl from logging in "illegally" Code:
View Replies !
Secure Page Login?
I'm a newbie and learning using a php book and Sam's PHP, mysql and apache. The following is on a test site and the db has only user auth info. This accesses a test page. Can anyone see any issues? When I login in it directs back to the Login page per code for an invalid username and password.
View Replies !
Secure Register / Login
I am building my own login/register script with php 5 and mysqli database. It works fine but there are sucrity related problems: - the input is not checked at registering - there is no protection to stop registering over an existing user - the input is only strip_tags filtered cuz I don't know other way's to filter -more more more The little help I need is little script that checks for length, valid characters, html/php/sql commands, already existing users Code:
View Replies !
Forum (with Secure Login)
I'm attempting to design a website that displays employee schedules and provides employees with a forum to chat... but, it needs to have a login screen so that ONLY employees with passwords can access the site. And basically, I NEED a template for it because my time is extremely limited, I've looked for PHP templates but I think I'm looking in all the wrong places!... anyone have ANY ideas..
View Replies !
How To Create Secure Login
But once I'm at the login page, how do I code the html form? I assume I will need a database like MySql to process the authentication. I plan to use email addresses as usernames and a 6 to 10 character password - pretty standard... I have a MySql database set up, but how do I use it for authentication? Can anyone point me to an example of basic authentication with php/MySql?
View Replies !
Secure Login Script
im looking for a link to a secure login script in php or a link to a tut that will teach be how to make this please, i would prefer it to be the tut and if it had email verifiction that would be great.
View Replies !
Is It Secure To Use $_SESSION In A Login Script?
Im trying to make my own login script, which works, but im afarid that the security is at the lowest. When a user logs in a store the user_id in $_SESSION['user'], then i use that session variable to see if the user have logged on. For example if(isset($_SESSION['user'])){ echo "Welcome";} To me it seems that this is to simple to be secure. What do you guys thing?
View Replies !
Secure Session / Login Data
I have a login form that uses 5 sessions. Each page then checks to see if each session is either active or a specific value. Is this a secure method, since I have no ability to use .htaccess methods.
View Replies !
Secure Login And User Registration
I have 2 problems. 1. how am I going to get the unencrypted password when a user is registering to store in the db. 2. how am I going to get the unencrypted password to use with crypt so i can compare it with the crypted password in the database..like this crypt($pass_entered_from_login,$crypted_pass)) == $crypted_pass
View Replies !
Secure Login Area For Documents
I built a login area with a document manager. It works great and all and all the pages are secure. My question though if the pages are protected by php and you can't get to them, how do you keep someone from linking to the document directly. Since the document is not going to process the php and check for credentials when they put in the direct link to the document.
View Replies !
Login Failure On Secure Website
I have a website that has a secure area to view data and any login does not work anymore. I had another problem in that I was not able to upload and then view data that is displayed in this area and attempted to clear out all the data thinking had reached some sort of limit and after clearing out this data the secure login no longer works. My question is where would the username/password be stored for the logins (emailaddr/password form)? I believe I have managed to get rid of the whole directory structure that the .htpasswd file lived in as I found a link to a location that no longer exists but do remember that the uploads lived in this area too.....DOHHHHH I know but i am a novice and a little bit o knowledge is dangerous. I am still able to SSH in and access email etc so all is not lost but would aprreciate some help in making it semi operational again.
View Replies !
Check Login Info
I have a MySQL database which stores intranet user data (name, username, password (encrypted), department) is the following is the following a viable way of verifyin the login select count(id) from table where (username='username') and (password='encytpedPassword'); if the record exists, i should get 1 as it should be the only username in the database and also i am not returning any data from the database until the count(id) = 1 and then run another script to retrieve the required data at another point. is this overkill?
View Replies !
Remote Login & Extract Info
Is it possible in PHP to login to a let's say e-mail client, news group etc and extract info? Also is it possible to login & go to a certain page and extract info?
View Replies !
Script For Tracking IP Numbers & Login Info
I have a friend with a commercial website. She sells monthly access to the site (no its not what you're thinking!) where members are allowed to download files that she creates. Recently her bandwidth usage has gone way up, but not site membership. At first she suspected someone was hotlinking to images on her site, but her Website host said that wasn't happening. Now she suspects some members are sharing their usernames and passwords with other people. She doesn't know much about php or other scripting so I told her I would try to get some info for her. Basically, I think she just needs a script that will log users IP and login info each time they log in to the site so she can track usage of individual usernames and she if they are being used by multiple IP numbers in varying locations. Can anyone point me in the right direction to find such a script? and directions on how to use it.
View Replies !
Login Problem - Can't Login(login Is Done In Index.php)
This is origially PMsys, I have edited it, and here is what I have done with the original replace all $_COOKIE into $_SESSION changed all setcookie() into session_start() and defined those $_SESSION now the problem is I can't login(login is done in index.php), does anyone here got an idea why? I uploaded the whole pakage, but I think you only need to look at index.php and include/global.php.
View Replies !
User Authentication -- Displaying Info Based On Login
I would like to display the database info based on the user's login. I am getting the following error: Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or `T_NUM_STRING' $sql = "SELECT $_GET['user_id'] FROM table_auth_user"; $query = mysql_query($sql); while($row = mysql_fetch_array($query)) { echo "".$row['user_id'].""; echo "<br /></div>"; }
View Replies !
Login Into Yahoo Finance To Get And Parse Stock Info? CURL?
I need to get to my stock watch list and parse some stock qoutes for my personal watch/alert program I am building, So I have to goto my 8th portfolio... http://finance.yahoo.com/p?v&k=pf_8, but it needs my username/password combo before going in (i already have these of course but want a way to get 'into the' page via php). how can i pass these in, and get the HTML contents of the page, which once in a variable i know how to cleanup and parse? I think i read something about cURL and i was wondering if someone could help me with a quick n; dirty example on what to use.
View Replies !
Login Lgout And Login Without Closing Session Gives Redirection Error
I am stepping through a text book that sets up different websites. The one I am testing is user registration. I set up the scripts and this is what I observe: Login (verifying against a mysql db) - no problem. Logout - no problem. Close the browser and try again - no problem. Login > Logout > Login WITHOUT closing browser I get: An error occurred while loading http://login.php when it should redirect me to http://localhost/index.php. I read somewhere on the news group that the header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname ($_SERVER['PHP_SELF']) . "/index.php") (in my example code) is called once and so the error? The logout.php destroys the $_SESSION variables, session itself and any cookies so I thought it would be "like new" the second time around? It appears to be linked to sessions but don't know enough to know how to correct.
View Replies !
Login Script Doesn't Display If The Login Is Correct Or Incorrect.
Below is the script I am using for my login page. It doesn't display if the login is correct or incorrect. All it does is clear the username and password box when I hit submit. I want it to display an error message if the login is incorrect and if it is correct redirect them to their own web page. I am putting the MySQL connection script in the header of the login.html is this wrong? Can someone please give me some pointers on how to get this script working? <?php session_start(); $username = $_POST['username']; $userpass = md5($_POST['password']); $sql = "select * from usertable where username='$username' and password='$userpass'"; $result = mysql_query($sql); if (mysql_num_rows($result)!= 1) { $error = "Login failed"; } else { $row = mysql_fetch_array($result); $_SESSION['username'] = "$username"; $_SESSION['ip'] = $_SERVER['REMOTE_ADDR']; header("Location: h*tp://www.w-------.com/$row['USLP']"); } ?>
View Replies !
Session Based Login Script Re Login Problem
I have built this login script, it logs u in and shows the first page... i have built it to be require()'ed, when i have required it from a browser script i made it loads the front page, then when i ask for browser.php?edit=file.html It then asks me to re login and takes me back to the front page! PHP Code:
View Replies !
Create A Separate Page With One Login That Let's Me Login To All Of The Sripts At Once?
I'm building a website using various php scripts from I found on hotscripts. Because I'm not much of a programmer myself I'm using a separate script for the blog, another one for the links section and a different one for the gallery and so on. The downside to this is that I have to login on a separate page to update the gallery and another page to update the blog and so on. Is there a simple way to either remove the need for a login for all the scripts and just create a separate page with one login that let's me login to all of the sripts at once? Or if there's a script that can kinda save the passwords and logs in for me?
View Replies !
Authenticate The User With The Login.html, Login.php.
I am setting up a registration/login for my website with PHP and MYSQL. I have a register.html, register.php & a login.html, login.php. I can successfully register a user (using register.html, register.php) into my database. Now, I am trying to authenticate the user with the login.html, login.php. When I try to do so, however, I always recieve my error message "failed." It will not authenticate (despite several attempts of logging in with the same username and password of that which is in my database.) Code:
View Replies !
Hiding Login & Password Fields After Login
I am hoping to do the following, the homepage shows a username and password field. Once the user enters a scucessfull login, these fields are removed. In order to achieve this, must the page be based on one big IF ELSE statement? so... If user logged in hide username & password fields Else show page with username and password fields? OR is this acheived by redirecting the user to a page that is not the homepage after a successfull login? so... the user would login sucessfully and be redirected to a homepage identical to the one with the fields but will have the username & password fields removed?
View Replies !
Main Page Login = Forum Login
This is going to be a website for a club im in at University. Now, I only want members of that club to be able to register. The problem is that they pay a member fee. I want to know a way that when they pay me the fee (in person) I can give them a unique confirmation number from which they can register properly (sorta like a CD-Key). Code:
View Replies !
Login Script Forcing Me To Login Twice?
I have built a login script and for some strange reason its forcing me to login twice. Not saying the user/pass is wrong first time, it moves the headers fine, it just show the old page with the login any ideas? Code:
View Replies !
Login Page Not Redirecting After Login
I've used this same snippet of code in other login forms without a problem (with some slight modifications from script to script) but this one seems to baffle me. Basically it takes the login and validates the entries (validation works, error messages display if left blank), then checks the database for a match. If there's a match then it is supposed to forward the person onto the proper page using the 'header' function. Problem is it's not. Basically it's reverting back to the 'index.php' page (login page) and the display is completely blank. Here's the code for index.php: Code:
View Replies !
Email An HTTPS Address With Encrypted Login For Users To "Click And Login"
I have developed a web site that monitors the state of the user's routers (UP/DOWN & WHY) it has the usual login web page, since the web site monitors the devices and sends emails when there is a problem, i wanted to send an email with an embedded https link, where the user could click and be directed straight onto the web site, without the need to login.
View Replies !
Mail Server - Use My Page Login For The Mail Login User Is Stored In $_SESSION
I have a problem and no time to google it and i hope someone will guide me. I have a linux server (slack10) php/mysql and a website where you can create accounts and login. i need to install a mail server with a web interface, i need to have a script that creates automaticly an email account when my page creates an account and a way to use my page login for the mail login user is stored in $_SESSION and the mail will be shown in iframe any sugestions?
View Replies !
|
TRACKER
