Closed Thread Icon

Preserved Topic: user authentication (Page 1 of 1) Pages that link to <a href="http://ozoneasylum.com/backlink?for=12868" title="Pages that link to Preserved Topic: user authentication (Page 1 of 1)" rel="nofollow" >Preserved Topic: user authentication <span class="small">(Page 1 of 1)</span>\

 
DL-44
Maniac (V) Inmate

From: under the bed
Insane since: Feb 2000

posted posted 08-26-2003 00:09

I need a little direction.

I am at a stage where I need to require a login for a certain section of a website. I have done a bit of reading, and have managed to confuse myself pretty well. =)

What I would like to know is what method(s) you guys would recommend for this.
Should I use .htaccess?
Should I use a PHP script? If so, which way? I've read about ways with sending headers and using a system generated dialogue, or using html forms, and sessions, etc.

I'm not looking to have it done for me, just some suggestions on what direction I should go and why...

Thanks =)



mr.maX
Maniac (V) Mad Scientist

From: Belgrade, Serbia
Insane since: Sep 2000

posted posted 08-26-2003 00:18

For simplicity sake, I recommend .htaccess ...


Slime
Lunatic (VI) Mad Scientist

From: Massachusetts, USA
Insane since: Mar 2000

posted posted 08-26-2003 00:29

.htaccess is simple and reliable. Plus, it presents the user with a log-in dialog that they might have seen before, so there's no confusion on their part.

As for security, I assume that's not acheivable without a secure HTTP connection, but I don't know the details about all that.

DL-44
Maniac (V) Inmate

From: under the bed
Insane since: Feb 2000

posted posted 08-26-2003 00:41

I'm not overly concerned with security - we're not dealing with credit card information, or anything sensitive like that.

I would like to be somewhat confident that people can't just walk in and screw with the database though...

I have a simple .htaccess login setup now.
Is there a way with this method to be able to output on the page the username that was used, and for a logout and all that? I don't need that, I am just curious...

mr.maX
Maniac (V) Mad Scientist

From: Belgrade, Serbia
Insane since: Sep 2000

posted posted 08-26-2003 01:01

Username of currently logged user is stored in "REMOTE_USER" server environmental variable. For example, in PHP you can do the following:

<?=$_SERVER["REMOTE_USER"]?>

Optionally, PHP provides two special variables for dealing with user authentication ($_SERVER["PHP_AUTH_USER"] and $_SERVER["PHP_AUTH_PW"]), but more about them can be found in the manual.

The most common way (which doesn't involve any server-side scripting) of logging out is by closing web browser window where password was entered. If you want to provide a "LOGOUT" link (or similar), you'll need to write appropriate server-side script (in PHP, for example).


DL-44
Maniac (V) Inmate

From: under the bed
Insane since: Feb 2000

posted posted 08-26-2003 01:05

Thanks Max =)

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted posted 08-26-2003 13:24

on a side note, you shouldn't store the passwords on the server.
.htaccess doesn't (it does store crypted() version of them, and compares a crypt() of what the user enters with the stored value).

That way, even if someone grabs the database, she still doesn't have an easy go on the passwords (though even a md5 can be broken... in time. there are 4 billion possible md5s. you need an input that produces one. Enjoy waiting?)

DL-44
Maniac (V) Inmate

From: under the bed
Insane since: Feb 2000

posted posted 08-26-2003 17:42

The passwords are currently store in a .htpasswd file. Someone suggested that would be the way to do it

« BackwardsOnwards »

Show Forum Drop Down Menu