Trevor1405241530

To answer your questions: 1. I've done server side scripting for three or four years and PHP/MySQL specifically for approximately two. 2. I've put together the site using server sessions, though the part of the site that requires authentication consists on only four or five scripts. Each page that I want to be restricted to unauthorized users includes another page which resembles the following: <?phpsession_start();require_once("Smarty.class.php");if(isset($_POST["username"])) { $username = $_POST['username']; $password = $_POST['password']; $password = sha1("[salt]" . $password . "[salt]"); $users = &DB_DataObject::factory('[userstable]'); $users->whereAdd(); $users->whereAdd("username = '$username'"); $users->whereAdd("password = '$password'"); if($users->find(true) > 0) { $_SESSION['id'] = $users->id; $id = $users->id; }}if(!isset($_SESSION['id'])) { $loginpage = new Smarty; $loginpage->display("login.tpl"); exit;} else { $id = $_SESSION['id'];}?> This chunk of code handles the login process and checks to see if they already logged in. 3. It's described above, but to reiterate, only four or five pages need authentication. They include the chunk of code above. 4. I looked at a few authentication systems and most are just way overkill for what I'm doing. The only one that looked like it might suit my project was the PEAR authentication package, but the solution I have works pretty much the same way (that is, I implement it the same way in the pages that need to be secured). 5. PHP Nuke ain't gonna cut it It's a specialized kind of website and I'm already finished coding the bulk of it. I greatly appreciate your willingness to guide me. It seems to me I've got it working, my only concern is that I might be overlooking something fairly major that would compromise the security of the site. This security system has to eventually reliably keep secure a service that people will by paying for. Let me know if you think I need to fix something, Trevor

Ah ha, that would work great. That sounds like a good solution. Thanks for clarifying!

I agree. MySQL isn't very well suited to a production environment like its commercial counterparts, and if you're looking for an easy quick and dirty database, look at SQLite. It's considerably faster than MySQL.

MySQL is not the best. It does great for most people, but it's not very well suited to the two types environments it might be used in. Easy quick and dirty database. SQLite is much faster and better suited to a quick, dirty, easy database environment. Big mission critical production environment You're better off with PostgreSQL, or a commercial database like SQL Server or Oracle.

Every article I've read on the internet so far suggests using MD5 or SHA1 to "encrypt" passwords in a database, but MD5 and SHA1 are hashing functions; they only go one way. So then how do I let users know what their password is if they forget it? I suppose I need a two-way encryption method, right?Can somebody please tell me what the easiest way to solve my problem is with PHP and MySQL?Thanks,Trevor

I don't think Firefox is that great. It seems to me all the geeks of the world have switched to Firefox just to be different (though if that's your reasoning, I'd say you've failed). There's no doubt it's a significant improvement over Internet 6 and lower versions, but I think there's a number of better alternatives. Opera Opera has every single feature that Firefox boasts i.e. tabbed browsing, popup blocker, perceived security, etc. Although I can't personally verify that Opera is faster, more efficient, and less of a memory hog, I've read that that's the case. Netscape I've used the new Netscape briefly, and it seems to me to be just as good as Firefox and much more feature rich. It has obviously lost lots of popularity since the 90s, but the newest version seems pretty good to me. IE 7 Microsoft has remedied every complaint I had with Internet Explorer 6. Internet Explorer is quick, has tabs, and renders web pages really well. I think that's what I will be using in near future. Do some research on Firefox myths and I think a lot will agree with me.