开发者_如何学JAVA
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this questionWhat is a secured login? How do I develop one in PHP? Please keep in mind that I'm just a beginner in PHP.
I would suggest getting an OpenID solution to incorporate in your website.
For example: PHP OpenID Library
Other than OpenID, this article will give you a good start in the basics of a PHP login
a better question would be : how can call a php login app "secure"?
here are some pointers (i'm quite new to php too, so pls bear with me)
- secure connection (via SSL)
- hashed passwords when stored to database (one-way hashing is recommended)
- validation - make sure that you impose certain character limits (max/min password, username, email, etc), characters are in the format you expect...etc...
here are implementations
- redirect your http://www.site.com/loginpage.php to something like https://yoursite.com/login.php
- hashed password = study md5 hashing with salt or if you want to make your life easier, use phpass( no need for salts, one way hashing, built by a "pro")
- validation - use php's buiilt in validation functions or construct your own regular expressions (or better yet use validation libraries)
sorry to have no links for resources, but google-ing them up is quite easy
A secure login system is typically not much more than giving a user a cookie (see php sessions) and then checking for that cookie on every 'secure' page. A user would obtain this by logging in, which you can do with openid or by storing usernames and passwords.
Only to add to the aforementioned points -
One of the most important things to protect against in php logins and forms that rely on database access in general is sql injection.
Wiki article
Brief example
This most commonly occurs with poorly sanitized inputs. Using mysql_real_escape_string() provides general protection. With the advent of OOP in PHP 5, it's highly advantageous to consider using the PDO extension for PHP to make parameterized sql statements at the point the mysql server executes them.
An explanation and examples of PDO in PHP
精彩评论