eHow launches Android app: Get the best of eHow on the go.

Search
Now in the UK!
  1. Home »
  2. Computers »
  3. Computer Programming »
  4. PHP / MySQL Programming »
  5. How to Create a Secure PHP Login Script
More Articles Like This
More by This Author
How To

How to Create a Secure PHP Login Script

Contributor
By eHow Contributing Writer
(30 Ratings)

If you have a website and want to keep some of the content on it secure against unauthorized users, you'll need a way to let authorized users log in to your system securely. A PHP script (in conjunction with a database management system, such as MySQL) using the PEAR library offers an effective interface between the user and your data.

Difficulty: Moderately Challenging
Instructions

Things You'll Need:

  • User information database
  • PHP running on the server
  1. Step 1

    Use a PHP form to handle logins. At the start of the script, validate the form. Add a check to see whether the user is logged in already. If so, abort the current login process.

  2. Step 2

    Connect to the database. The PHP script will have to include an administrative login and password that can access the database.

  3. Step 3

    Create a pointer to the database instead of letting the script access the database directly.

  4. Step 4

    Check and authenticate the user's login information by using the checkLogin method. Use a combination of user name, password, cookie and IP address for authentication. Store the password and cookie information as hashes.

  5. Step 5

    Allow login through the PHP script. If you choose, this is a good time to update the user's cookie.

  6. Step 6

    Set the session variables by using the setSession method.

  7. Step 7

    Use the checkSession method to authenticate the user's information on every page.

Tips & Warnings
  • Make sure to add error handling at appropriate points in your code (after each check), to deal with the possibility of bad logins.
  • Use good database practices (unique user names, database roles and such) to ensure greater security.
  • Don't use obvious words like "admin" for your login name or "password" for your password. These are not secure, ever.
Resources
Who Can Help
Subscribe

Post a Comment

Post a Comment

eHow Article: How to Create a Secure PHP Login Script

Related Ads

  • See How Others Did It
  • Have you done this? Click here to let us know.
I Did This
Tags
Get Free Computers Newsletters

Copyright © 1999-2009 eHow, Inc. Use of this web site constitutes acceptance of the eHow Terms of Use and Privacy Policy.   en-US Portions of this page are modifications based on work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License.

Partner Sites
eHow Computers
eHow_eHow Technology and Electronics