Login register scripts needed

Discussion in 'Scripts, 3rd Party Apps, and Programming' started by dg.411518, Jul 15, 2011.

  1. dg.411518

    dg.411518 New Member

    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    0
    need a php script for login register script which works in x10hosting for my site. need a step by step tutorial
     
  2. jfrancis79

    jfrancis79 Member Prime Account

    Messages:
    133
    Likes Received:
    1
    Trophy Points:
    18
  3. essellar

    essellar Community Advocate Community Support

    Messages:
    3,295
    Likes Received:
    227
    Trophy Points:
    63
    That script uses unsalted MD5 hashes and the soon-to-be-deprecated ext/mysql PHP extension.

    MD5 is a broken hash, and should no longer be used for any cryptographic purposes, and using any hash without salting leaves you vulnerable to rainbow table attacks. For reasons discussed in this thread, use of a deliberately slow method for generating your stored hash is much preferable. If there's one take-away to keep in mind, it's that it's not just your site you need to protect. The chances are pretty good that your average naive user is also using the same password on other sites, and it really is up to us to protect our users from themselves.

    Stop using mysql_* -- not only does it leave you open to SQLI attacks, it will start generating errors in a couple PHP dot versions down the line (deprecation errors are slated for PHP 5.5) and will be removed from the language at some point. Use PDO (PHP Data Objects) and prepared statements instead. They've been around for years, there's no longer any excuse not to use them.

    By the way, callumacrae's linked script (hosted on github) in the thread referenced above is a good one -- despite the razzing I gave him for plain-text emailing of passwords (something customers often want even though it represents a distinct vector for attack).
     
  4. LostHorizon

    LostHorizon Member

    Messages:
    43
    Likes Received:
    2
    Trophy Points:
    8
    Hi "essellar",

    Due to the increasing demand for the popular "login PHP/PDO script" (have you ever noticed that once in a while, a question about the script pops up?), so my idea (if it's not TOO MUCH to ask) is that if you, "mission", "callumacrae", or anybody else (whoever's an expert in this, and also, who can find the time) can write (may be not individually, but a joined effort - however you all decide to do it) a working, simple step-by-step tutorial, and put it in the Sticky Threads section of the Tutorials forum (this will also help in reducing the number of questions on the subject later on).

    I know that I, for one, for SURE will be benefiting A LOT from such a script.

    P.S.: If you all decide to go for it, PLEASE keep the codes' explanations SIMPLE, short, right to the point as many of us are not as knowledgeable on the subject as you do (think of it as writing for DUMMIES, myself included).

    Thank you very much.
     
  5. gouri78

    gouri78 New Member

    Messages:
    70
    Likes Received:
    1
    Trophy Points:
    0
    u can use any forum direct and easy
    SMF is best from my views
     

Share This Page