How to do that.

Anon

Hello.

Where can I find a tutorial about secure user authentication.

I want to do something like a community which means:

Users can sign up (realized already), and then can login to the site (in order to send sms, flirt, chat etc.). So I need to authenticate the users when they browse the site. Of course they should not have to authenticate on every site... so I pass username and password with sessions to every site the user browses to.

But now: Should I ask my mysql everytime the user goes to another site whether username und password are ok? That would not be very fine. And if I just use a variable: $login which sais yes and no then someone my hack this.

How can I solve this?

(I hope you can send me email) Some links would be enough

alcapone

hey,
I would suggets you read this article http://www.phpbuilder.com/columns/tim20000505.php3 right on this site. It realy covers a lot, even more than I can handle 🙂
cheers,
AlCapone

ame12

In addition to that article, it's worth reading up on cookies. You can encrypt a cookie which can be a short-hand username with some validation info. Each page can decrypt/check cookie for integrity.

Dave

===========================================
http://badblue.com/helpphp.htm
Free small footprint web server for Windows

PHP, file-sharing, Access/Excel transcoding