Php Authentication

javajenius · Mar 23, 2008

Could someone tell me how to protect a site using php and md5 authentication. I've looked through alot of google pages but i am truly confused. Please explain or give me a link that explains php authentication with md5 (or the most secure way to secure a site with php)

woiwky · Mar 24, 2008

Do you mean HTTP authentication?

If so, this link should answer your questions:

http://www.php.net/features.http-auth

If not, or if that link doesn't help, could you explain more on exactly what it is you want your site to do to authenticate a user? Are you talking about a user registration/login system?

And as for md5, I personally prefer hash('sha256', $str) to it. But to each his own.

tnl2k7 · Mar 24, 2008

If you'd like to password protect a folder, this can be done through cPanel. Login as you usually would and somewhere is an option called Leech Protect. Once you've found it it's pretty self explanatory.

If you'd prefer to use a custom script to do it,this might help.

LHVWB · Mar 24, 2008

It sounds like you don't exactly know what you want to do.

I suggest that you install a forum or content management system using 'fantasico' from cpanel, and see if any of those systems are what you are looking for.

tittat · Mar 24, 2008

Try moving to a CMS(content management system).Iam using e107.Almost every CMS have its own inbuilt authentication system,which will helps you from the hassles of creating your own.

javajenius · Mar 25, 2008

Do you mean HTTP authentication?

No, thats insecure.

If you'd like to password protect a folder

Still http basic auth.

forum or content management system

I need to build my own for the control panel =(.

Is no one good enough at php to help me secure some folders...

woiwky · Mar 25, 2008

What exactly do you mean by "secure folders"? Furthermore, what exactly is it that you plan to store in the folders? It sounds to me that you're looking in the wrong place for what you want. PHP is just a scripting language, not a server.

konekt · Mar 25, 2008

md5($var);
crypt($var, CRYPT_MD5);

...am I missing something?

Jake · Mar 25, 2008

normally you'd just store the password encrypted like $enc_pass = sha1($pass), in order to recognize that a person has entered the correct password you could just have it test the password the user supplies with the encryptions on it to see if it matches the encrypted one stored in a db or file.

you could always make your own hash... if you felt the need for it.

konekt · Mar 25, 2008

Jake said:
normally you'd just store the password encrypted like $enc_pass = sha1($pass), in order to recognize that a person has entered the correct password you could just have it test the password the user supplies with the encryptions on it to see if it matches the encrypted one stored in a db or file.

you could always make your own hash... if you felt the need for it.

I always do multiple encryptions using varied encryption methods (mainly md5 and blowfish). I find using encryptions as hashes for further encryption is really effective... I usually do about 5-8 encryptions, with each encryption lending to the hash of the other. Yes... I am quite paranoid :happysad:

radofeya · Sep 29, 2008

As I know, if u do multilevel encryption will make the possibility of collisions become higher. Such as $hash = sha1(md('hello'));

I'm I right?

freecrm · Sep 29, 2008

konekt said:
I usually do about 5-8 encryptions,

OMG.. lol

seanliu · Sep 29, 2008

try .htaccess if you don't mind not using php
google it

tittat · Sep 29, 2008

Hmmm this thread is of more than six months old and i don't find any good reason to bump this thread back.

Php Authentication

javajenius

New Member

woiwky

New Member

tnl2k7

Banned

LHVWB

New Member

tittat

Active Member

javajenius

New Member

woiwky

New Member

konekt

New Member

Jake

Developer

konekt

New Member

radofeya

New Member

freecrm

New Member

seanliu

New Member

tittat

Active Member

Free Web Hosting

Our Community

Legal