Have anyone reading the description of PHP user authentication system at Wikibooks? http://en.wikibooks.org/wiki/PHP%5FProgramming/User%5Flogin%5Fsystems
Is it good? Secure? Correct?
Have anyone reading the description of PHP user authentication system at Wikibooks? http://en.wikibooks.org/wiki/PHP%5FProgramming/User%5Flogin%5Fsystems
Is it good? Secure? Correct?
There are toons of way to do a user authentication system, so it really depends on what you need. This one looks OK for simple authentification.
However, please note the following code they wrote:
$db = new Database(); // Database abstraction class.
$email_address = $db->esc($_POST['email']);
$password = $db->esc($_POST['password']);
What is important in this code is the Database abstraction class
. It is not linked on the page, maybe somewhere else I do not know, but the most important part of this class is the call to $db->esc()
that escapes and probably sanitize user input. It is very important that you never make any call to the database without sanitizing user input, to avoid SQL injections.
Usually, the "esc" equivalent would use addslashes. But do read the note, where they state that you should database specific escape functions depending on the database you're using (Like mysqli_real_escape_string
for MySQL). Database abstraction class are really useful for that kind of stuff :).
Google php user class and you'll get a decent login class as well.
Link: phpuserclass.com
I've used it on several occasions and it works fine.
I think the wikibooks page is a reasonable, low-level (i.e. no libraries) description of a login system in PHP. There's lots missing, but what's there is complete. But then, I'm biased. ;-)