« PHP SOLUTIONS: DYNAMIC WEB DESIGN (Best web site) MADE EASY 2.
PHP SOLUTIONS: DYNAMIC WEB (Cool web site) DESIGN MADE EASY no »

Florida web design - PAGES THAT REMEMBER: SIMPLE LOGIN AND MULTIPAGE FORMS

PAGES THAT REMEMBER: SIMPLE LOGIN AND MULTIPAGE FORMS header(’Location: http://localhost/phpsolutions/sessions/login.php’); exit; } ?>

5. At the same point in menu.php from which you cut the code for the form, include the new file like this: Including the code from an external file like this means that there will be output to the browser before the calls to setcookie() and header(). So you need to buffer the output, as shown in PHP Solution 9-2. 6. Add ob_start(); immediately after the call to session_start() at the top of menu.php. There s no need to add ob_end_flush() to logout.inc.php. You don t want to flush the buffer when logging out a user. You could add it to menu.php after the include command, but it s not necessary, as PHP automatically flushes the buffer at the end of the script if you haven t already done so explicitly. 7. Save menu.php and test the page. It should look and work exactly the same as before. 8. Repeat steps 5 and 6 with secretpage.php. You now have a simple, reusable logout button that can be incorporated in any restricted page. Although this file-based user authentication setup is adequate for restricting access to web pages, all the passwords are stored in plain text. For greater security, it s advisable to encrypt passwords. Encrypting passwords PHP provides a simple and effective way to encrypt passwords, using the SHA-1 (US Secure Hash Algorithm 1; for more info, see www.faqs.org/rfcs/rfc3174), which produces a 40-digit hexadecimal number. When encrypted with SHA-1, codeslave turns into this: fe228bd899980a7e23fd08082afddb74a467e467 SHA-1 is considered secure because it s said to be computationally infeasible to work out the original text or to find two sets of text that produce the same number. This means that even if your password file is exposed, no one will be able to work out what the passwords are. It also means that you have no way of converting fe228bd899980a7e23fd08082afddb74a467e467 back to codeslave. In one respect, this is unimportant: when a user logs in, you encrypt the password again and compare the two encrypted versions. The disadvantage is that there is 247
Visit our web design programs services for an affordable and reliable webhost to suit all your needs.

This entry was posted on Saturday, March 1st, 2008 at 3:25 am and is filed under MYSQL5. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply