dongqian7545 2013-03-29 10:17

Identifying the logged-in user in PHP

I have been reading about logging in and storing passwords and usernames. Storing the password in a cookie is a BIG NO. So I chose to store only the username in the cookie, which is fine I guess. I stored it in a cookie so I can access it easily and handle the "Remember Me" option. But what about the password, if I want to identify the user by SELECT * FROM database WHERE username='$_COOKIE[]' AND password=''?

I was thinking about SESSION. I can store the password in the session; not safe, but fine. But the problem is what happens when the user closes the browser and reopens it. They will stay logged in but the session will be gone, so every time I have to check if SESSION[pass] is set and, if not, select it from the database and set it.

That is my solution. Can anyone suggest a more adequate solution?

The fact is, there is no super secure system, and if someone really wants to break in they will succeed.


2 answers

  • dongshao8125 2013-03-29 10:23

    You can have a table called remember_tokens that is structured like this:

      id         |         user_id              |        created
    ------------------------------------------------------------------------
    f129ea9c     |            1                 |     2-3-2013 12:31:51
    e9ac8aa0     |            2                 |     2-4-2013 08:21:13
    

    id has some unique id, like a UUID or a randomly generated string. user_id is the id of the user to be remembered. created is when the record was created (so you can log out the user after X time).

    Now, if the user successfully logs in and wants to be remembered, you add a new record with a unique id and his user_id to remember_tokens. You also create a new cookie using setcookie() that will contain the randomly generated id you just inserted.

    Now, when the user requests the site next time, you see he has the remember cookie stored. You fetch that record, check if it's not yet expired and use the user_id column to log in the appropriate user. This way, you're not storing sensitive information in the cookie.

    Hope this helps

    This answer was selected as the best answer by the asker.
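
The remember-token flow from the answer above, as an added PHP example (not code from the original answer). It assumes PHP 7.3+ with PDO and pdo_sqlite, a created column holding a Unix timestamp, and the hypothetical names REMEMBER_COOKIE and REMEMBER_TTL; it also goes one step beyond the answer by storing only a SHA-256 hash of the token in the id column, so a leaked table does not yield usable cookies.

```php
<?php
declare(strict_types=1);

const REMEMBER_COOKIE = 'remember';        // hypothetical cookie name
const REMEMBER_TTL    = 30 * 24 * 3600;    // assumed lifetime: 30 days

// Create a token for $userId; only its SHA-256 hash is stored server-side.
function issueRememberToken(PDO $db, int $userId): string
{
    $token = bin2hex(random_bytes(32));    // 256 bits from the CSPRNG
    $db->prepare('INSERT INTO remember_tokens (id, user_id, created) VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), $userId, time()]);
    return $token;
}

// Send the token to the browser; must be called before any output.
function sendRememberCookie(string $token): void
{
    setcookie(REMEMBER_COOKIE, $token, [
        'expires'  => time() + REMEMBER_TTL,
        'path'     => '/',
        'secure'   => true,      // HTTPS only
        'httponly' => true,      // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
}

// Return the remembered user_id, or null if the token is unknown or expired.
function userFromRememberToken(PDO $db, string $token): ?int
{
    $stmt = $db->prepare('SELECT user_id, created FROM remember_tokens WHERE id = ?');
    $stmt->execute([hash('sha256', $token)]);   // bound parameter, no string interpolation
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int) $row['created'] + REMEMBER_TTL < time()) {
        return null;
    }
    return (int) $row['user_id'];
}

// Constructed demo on an in-memory SQLite database (run with the php CLI).
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE remember_tokens (id TEXT PRIMARY KEY, user_id INTEGER, created INTEGER)');
    $token = issueRememberToken($db, 1);
    var_dump(userFromRememberToken($db, $token));               // valid token
    var_dump(userFromRememberToken($db, str_repeat('0', 64)));  // unknown token
}
```

In a web request, call sendRememberCookie(issueRememberToken($db, $userId)) after a successful login and pass $_COOKIE[REMEMBER_COOKIE] to userFromRememberToken() on later visits.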