Password Protected Login Page?
I am looking to create a login page that allows users to enter a username & password and once they have put in the correct info, it will bring them to their specific webpage. I don't know the best way to do this and would like to somehow not have the password info available in the coding on the page. Any ideas?
- molasses2Lv 51 decade agoFavorite Answer
You want to mix a scripting language with a database. I highly recommend PHP and MySQL, and there are tons of web resources on how to do what you want. I personally like to have a good ol' fashioned book. This is one of many good ones: http://www.amazon.com/gp/product/032152599X/ref=pd...
- 1 decade ago
lets take PHP5 for example.
Write a script that reads from a database or a flat file if you wish. Flat file databases are considered a security risk and should be kept out of the web servers document tree (usually the public_html, or the www link). Use the post method in the form so you don't transmit the login information via the URL. Try to do it over SSL.
On the server side, where ever you keep your login database, the password SHOULD ALWAYS be hashed by md5 or SHA1. So when you compare the password given by the user and the password in the database, simply hash the password given by the user and it will never have to be displayed in plain text. A word of warning, if a cracker gains access to the hashed password they still have the ability to bruteforce the plaintext password
The last and final defense is, if you must keep your login info within a PHP script, to use Ioncube or ZendGaurd to encrypt the script. The script is still able to execute in its encrypted state. Thuse adding a layer of security through obscurity.
- Anonymous4 years ago