PDA

View Full Version : Login Box



tacmig99
10-19-2006, 10:02 PM
How would I go about taking the quick login box found in forums and add it to my website home page? Keep in mind I know near nothing about SQL, infact I only posted in this area because I figured I'd have to extract the info from my forum's MySQL Database.

djr33
10-19-2006, 10:09 PM
If you want this, and you don't know SQL, then I would suggest learning.

Generally.... php gets the values sent by the form. Easy.

PHP calls the database and checks if the where the user= username sent through form, the password matches the sent password.
If so, correct login.

Also, you'd need a register function, but it goes on the same ideas.


Using md5() (a php function) on the password before being stored (and then before comparing to the stored value) creates a secure encoded string that will match if the same string is encoded with md5, but can't be reversed. It's a bit complex to understand at first, but this is big for security, and privacy.

codeexploiter
10-20-2006, 04:54 AM
If you are looking for a user management system in your site then you can implement that using two different things:

1. Using Files

2. Using Databases

1.This is the earlier method before databases comes into practice. You'll get some applications still using file system for their data storage. But this has its own problems so developers started using databases.

2. Databases provides consistent data storage that can be accessible for the users concurrently. If you want to manipulate the database there is a universal language called SQL - Structured Query Language using which you can communicate with your database.

To implement the user management part you need a server side language. Now all the popular server side technology supports database intereaction.

As djr33 mentioned in his post it is better if you start learning these things so that you can incorporate the system in your site without any delay.

tech_support
10-20-2006, 10:07 AM
Using md5() (a php function) on the password before being stored (and then before comparing to the stored value)

Then how can we recover passwords?

codeexploiter
10-20-2006, 10:11 AM
Password recovery doesn't required na if somebody complains about losing a password generate a new one, calculate the password hash, store that in the daabase & send the password to the user using email. Thats it

tech_support
10-20-2006, 10:12 AM
I lost my password once and they sent me an e-mail telling me my password, not a new one. Strange...

codeexploiter
10-20-2006, 10:16 AM
That is possible if you store your password as such or using some customized hash mechanisms through which you can regenerate the original password itself.

But that method has a greater problem as if anybody got control over the database either they can view the password directly or they can reverse the customized encrypt function used by the site earlier to keep the password. The cracker can employ a decrypter or a password cracker to get the correct password.

I hope now things are clear

tech_support
10-20-2006, 10:18 AM
That's true.

tacmig99
10-20-2006, 02:52 PM
Thanks for the info but I already know how to use php to do this, what I want to do is take the login box directly from my forum and use the exact same box on my website. So people can directly login to my forum from my website home page, not my forum index.
Thanks anyways, it's always cool to learn more about password encryption, I was told md5 is becoming outdated though.

mburt
10-20-2006, 02:55 PM
Check the code of the forum and copy the form box. It should have something like this:


<form action="the login page" method="post">
<input name="user (might be something else)">
<br><input name="pass (might be something else)">
<br><input type="submit" value="Submit Value">
</form>

tacmig99
10-20-2006, 03:01 PM
Yea... Only problem with that is the fact that this forum has 693 files to look into lol, any type of guess what the filename would be? I'll just search the main files that it could be in for now, thanks for the help.

mburt
10-20-2006, 03:07 PM
Could you give the url to the main page?

Twey
10-20-2006, 03:20 PM
Quote from Wikipedia (http://en.wikipedia.org/wiki/MD5):
In 1996, a flaw was found with the design of MD5; while it was not a clearly fatal weakness, cryptographers began to recommend using other algorithms, such as SHA-1. In 2004, more serious flaws were discovered making further use of the algorithm for security purposes questionable.