Topic awaiting preservation: How to Script "Remember my password on web pages" (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=22801" title="Pages that link to Topic awaiting preservation: How to Script &quot;Remember my password on web pages&quot; (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: How to Script "Remember my password on web pages" <span class="small">(Page 1 of 1)</span>\$

Fikzy Neurotic (0) Inmate Newly admitted From: Insane since: Aug 2004	posted 08-03-2004 19:31 Hi, I would like to be adviced on any information helping or linking me to how i can script the "Remember my password" function ussually found on pages with login forms on web pages or portals. I would like information on using javascript or JSP or PHP to write this script. this is actually my fist time ussing a forum. please pardon me of any error in my mode of presenting my proplem. thanks I can be reached at fikzy@programmer.net for futher assistants. (Edited by Fikzy on 08-03-2004 19:33)
WarMage Maniac (V) Mad Scientist From: Rochester, New York, USA Insane since: May 2000	posted 08-03-2004 21:40 You will probabally want to look at using cookies to store the fact that the user has logged in. A good way to make sure this works properly is to send the user a random hash everytime they login and to then store the current hash in your "users" table in your database. When the user comes back to the site and has a cookie set that says that they are logged in you would also ask for their random hash, if it validates then they should pretty much be the correct person. You don't want to store some stupid value like "loggedin=yes" because that is easy to break, this is why the hash needs to be stored as well. It is harder to forge a random hash. This doesn't mean things will be totally secure. You can always copy a users cookies and use them to gain access, or even hijack the session to gain access. But, the above is probably the route you will want to take for most situations that are non-critical. Good luck. Dan @ Code Town
H][RO Bipolar (III) Inmate From: Australia Insane since: Oct 2002	posted 08-05-2004 03:01 I did this lastnight, works a treat! I was previously only storing a username and the logged status in the cookies (dont worry it was only for learning how to do it) but i added the random hash. To make it more secure, what you could do is when the user logs out, delete the random hash from the table and make it blank. this way if they have logged out but someone copied the cookie it wont matter. I have nfi about hijacking sessions tho, maybe ill look into it
Fikzy Obsessive-Compulsive (I) Inmate From: Insane since: Aug 2004	posted 08-09-2004 17:26 Thanks Guys. But I an quite new to Scripting. i can Add a Cokiie perfectly to a machine, but the problem is the random hash you guys are talking about i dont know how to add a random hash. or does the ramdom hash means that i should generate ramdom caracters and store? I will probably appreciate a sample code on how to do that. please forgive me of all incompetence. Thanks
WarMage Maniac (V) Mad Scientist From: Rochester, New York, USA Insane since: May 2000	posted 08-09-2004 19:43 Yeah the random characters and store. What is a simple way to make the hash is to have a little random generator that creates a string and then run the md5() php function on the string to get a good value. Dan @ Code Town

Topic awaiting preservation: How to Script "Remember my password on web pages" (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=22801" title="Pages that link to Topic awaiting preservation: How to Script &quot;Remember my password on web pages&quot; (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: How to Script "Remember my password on web pages" <span class="small">(Page 1 of 1)</span>\$

Fikzy
Neurotic (0) Inmate
Newly admitted

From:
Insane since: Aug 2004

posted 08-03-2004 19:31

Hi, I would like to be adviced on any information helping or linking me to how i can script the "Remember my password" function ussually found on pages with login forms on web pages or portals. I would like information on using javascript or JSP or PHP to write this script. this is actually my fist time ussing a forum. please pardon me of any error in my mode of presenting my proplem. thanks

I can be reached at fikzy@programmer.net for futher assistants.

(Edited by Fikzy on 08-03-2004 19:33)

WarMage
Maniac (V) Mad Scientist

From: Rochester, New York, USA
Insane since: May 2000

posted 08-03-2004 21:40

You will probabally want to look at using cookies to store the fact that the user has logged in. A good way to make sure this works properly is to send the user a random hash everytime they login and to then store the current hash in your "users" table in your database. When the user comes back to the site and has a cookie set that says that they are logged in you would also ask for their random hash, if it validates then they should pretty much be the correct person. You don't want to store some stupid value like "loggedin=yes" because that is easy to break, this is why the hash needs to be stored as well. It is harder to forge a random hash. This doesn't mean things will be totally secure.

You can always copy a users cookies and use them to gain access, or even hijack the session to gain access.

But, the above is probably the route you will want to take for most situations that are non-critical.

Good luck.

Dan @ Code Town

H][RO
Bipolar (III) Inmate

From: Australia
Insane since: Oct 2002

posted 08-05-2004 03:01

I did this lastnight, works a treat! I was previously only storing a username and the logged status in the cookies (dont worry it was only for learning how to do it) but i added the random hash.

To make it more secure, what you could do is when the user logs out, delete the random hash from the table and make it blank. this way if they have logged out but someone copied the cookie it wont matter.

I have nfi about hijacking sessions tho, maybe ill look into it

Fikzy
Obsessive-Compulsive (I) Inmate

From:
Insane since: Aug 2004

posted 08-09-2004 17:26

Thanks Guys. But I an quite new to Scripting. i can Add a Cokiie perfectly to a machine, but the problem is the random hash you guys are talking about i dont know how to add a random hash. or does the ramdom hash means that i should generate ramdom caracters and store? I will probably appreciate a sample code on how to do that. please forgive me of all incompetence.

Thanks

WarMage
Maniac (V) Mad Scientist

From: Rochester, New York, USA
Insane since: May 2000

posted 08-09-2004 19:43

Yeah the random characters and store. What is a simple way to make the hash is to have a little random generator that creates a string and then run the md5() php function on the string to get a good value.

Dan @ Code Town