<?xml version="1.0" encoding="UTF-8"?><rss
version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
> <channel><title>Comments on: How to make secure login script using mysql?</title> <atom:link href="http://www.findistore.com/how-to-make-secure-login-script-using-mysql/feed" rel="self" type="application/rss+xml" /><link>http://www.findistore.com/how-to-make-secure-login-script-using-mysql</link> <description>We are Professional Web Designer. We specialize in Website Design &#38; eCommerce Web Services</description> <lastBuildDate>Wed, 12 Oct 2011 00:03:14 +0000</lastBuildDate> <sy:updatePeriod>hourly</sy:updatePeriod> <sy:updateFrequency>1</sy:updateFrequency> <generator>http://wordpress.org/?v=3.3.1</generator> <xhtml:meta xmlns:xhtml="http://www.w3.org/1999/xhtml" name="robots" content="noindex" /> <item><title>By: bo.echo</title><link>http://www.findistore.com/how-to-make-secure-login-script-using-mysql/comment-page-1#comment-1094</link> <dc:creator>bo.echo</dc:creator> <pubDate>Mon, 23 Feb 2009 03:31:06 +0000</pubDate> <guid
isPermaLink="false">http://www.findistore.com/how-to-make-secure-login-script-using-mysql#comment-1094</guid> <description>Most of the script will be done on the web server (PHP, ASP, or whatever).  You just connect to the MySQL database to store the information and to compare the entered password to the one in the database.  You do not store the password as clear text.  You make a SHA-1 hash of the password, store that in the database, then when a person logs in, you do a SHA-1 hash of the password they just entered and compare it to the hash in the database.  If they match, you let the user in.  Now, here is some important stuff.
You need to set a cookie in the user&#039;s browser to identify them when they move to another page.  You give them a random LONG number as a cookie, then add that number to another &quot;session&quot; database that&#039;s used to know who has already logged in.  When they go to another page, you grab the cookie that they send and see if it is in the &quot;session database&quot;.  If it is, allow them to see the page.  If it is not, redirect them to the login page.  When they log out, delete the number from the database and also from their cookie.</description> <content:encoded><![CDATA[<p>Most of the script will be done on the web server (PHP, ASP, or whatever).  You just connect to the MySQL database to store the information and to compare the entered password to the one in the database.  You do not store the password as clear text.  You make a SHA-1 hash of the password, store that in the database, then when a person logs in, you do a SHA-1 hash of the password they just entered and compare it to the hash in the database.  If they match, you let the user in.  Now, here is some important stuff.</p><p>You need to set a cookie in the user&#8217;s browser to identify them when they move to another page.  You give them a random LONG number as a cookie, then add that number to another &#8220;session&#8221; database that&#8217;s used to know who has already logged in.  When they go to another page, you grab the cookie that they send and see if it is in the &#8220;session database&#8221;.  If it is, allow them to see the page.  If it is not, redirect them to the login page.  When they log out, delete the number from the database and also from their cookie.</p> ]]></content:encoded> </item> </channel> </rss>
