doutu6616 2010-10-20 04:48
浏览 31
已采纳

PHP登录脚本(安全但不像银行金库)

Looking for a php login script. I've searched stackoverflow and have seen a lot of posts, but can anyone recommend the best method? Also, If I want to use hashing, how do you decode the password when retrieving? My iPhone app uses the same database and currently the passwords are stored in normal text (not very secure, I know).

Also, if I implement a login page that redirects to info.php, how do you stop the user from going directly to the info.php page without logging in, Session control?

Look forward to hearing your input. Thanks very much.

  • 写回答

7条回答 默认 最新

  • dongye9191 2010-10-20 04:57
    关注

    This is a great tutorial on login system design. It covers all the major topics in an object oriented manner and is great for learning about the different considerations.

    Decodable passwords are not as secure as they could be, but I've had clients insist that they be able to retrieve and change the password at will, no exceptions. So in some cases I opted to salt a base64 encoded string to store in the database, and that seems to work pretty well. A function exists to encode/decode as needed for the admin user.

    Indeed, session control (and/or cookies) are the method to control access. Building it with an object oriented pattern would allow you to do that with just a line or two of code per page (or a line in a header if it's common).

    My one warning is to consider if you have a common login level or need user-level permissions. It's significantly more work to decide after you've built the site that permissions-based logins are important. It can become a real monster if not planned for in the beginning.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(6条)

报告相同问题?

悬赏问题

  • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
  • ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
  • ¥15 手机接入宽带网线,如何释放宽带全部速度
  • ¥30 关于#r语言#的问题:如何对R语言中mfgarch包中构建的garch-midas模型进行样本内长期波动率预测和样本外长期波动率预测
  • ¥15 ETLCloud 处理json多层级问题
  • ¥15 matlab中使用gurobi时报错
  • ¥15 这个主板怎么能扩出一两个sata口
  • ¥15 不是,这到底错哪儿了😭
  • ¥15 2020长安杯与连接网探
  • ¥15 关于#matlab#的问题:在模糊控制器中选出线路信息,在simulink中根据线路信息生成速度时间目标曲线(初速度为20m/s,15秒后减为0的速度时间图像)我想问线路信息是什么