| One way hashes work good for logins. When the user first registers, the password is hashed. The hashed value is stored in the database (server side). When the user goes to login, the user's password is hashed again and compared with the existing hash on the server.
This code works on session IDs, you don't directly mess with cookies. If you want to be REALLY secure, you might want to read and toy with https, otherwise, one-way hashing is pretty good. Remember, no one sees your PHP code unless they have access (physical or remote) to the server. When someone goes to wtf.com/index.php, the PHP server parses the PHP code and sends only HTML code back to the client. So, your salt or database strings will never be seen.
I assume you know PHP or are learning it - here is the register & login script (along with the dbconnect.php script that is included in these files).
Screw PHP tags - I PM'd them to you.
__________________
In Soviet Russia, Exception throws you!
Last edited by Kallian : 06-24-2005 at 02:05 PM.
|