为站点设计登录过程 [英] Designing a Login Process for a site
问题描述
我有一个快速的问题 - 有人请为我查看这个概念吗?
基本上我需要生成一个登录脚本,而时间就在我身边,我想投资自己编写,以便我完全理解并完全控制正在发生的事情。
当访问者申请成员资格时,他们会为自己分配一个经过哈希处理并存储在数据库中的密码。我没有,也不想记住我(保持登录)功能,在现代浏览器的时代,这似乎有点无意义。除此之外,我已经计划了登录过程,并希望有人可以指出任何缺陷。
每页顶部是登录表 - 两个文本框和一个按钮。
1)用户完成详细信息并点击登录。
2)登录脚本存储他们当前的页面on。
3)表格是用当前页面作为动作和帖子作为方法写的。
4)我有一个具有密码然后检查数据库的文件。这个文件包含在每个页面的最顶层。
5)如果细节正确,那么他们会在这个过程开始时看到他们所在的页面,登录控件是替换为成员区域的链接,导航栏上的某些项目变为可用。然后我将true存储到$ _SESSION [''isLoggedIn'']。
6)如果细节错误,他们会转到一个页面,其中包含链接上的控件以请求新密码。
我应该说导航由数据库控制,用户详细信息也存储在数据库中。
我知道这是一个高级抽象,即使对于伪代码,但这个过程流听起来还不错吗?
我会非常感谢一些反馈或指点 - 要避免的陷阱,那种事情。
干杯
nathj
Hi,
I have a quick favour to ask - would someone please check over this concept for me?
Basically I need to generate a login script and while time is on my side I want to invest in writing my own so that I fully understand and can fully control what is going on.
When a visitor applies for membership they assign themselves a password that is hashed and stored in the database. I do not have, nor do I want a remember-me (stay logged in) function, in the days of modern browsers this seems a bit pointless. That aside, I have planned the process for the login and was hoping someone might be able to point out any flaws with it.
At the top of each page is the login form - two text boxes and a button.
1) The user completes the details and clicks ''Login''.
2) The login script stores what page they are currently on.
3) The form is written with the current page as the action and post as the method.
4) I have a file that hashes the password and then checks the database. This file is included at the very top of every page.
5) If the details are correct then they see the page they were on at the start of this process and the login controls are replaced with a link to the members area and certain items on the navigation bar become available. I then store true to $_SESSION[''isLoggedIn''].
6) If the details are wrong they go to a page with the controls on a link to request a new password.
I should say that the navigation is controlled by a database and the user details are also stored in a database.
I know that this is a high level of abstraction, even for pseudo code, but does this process flow sound ok?
I would really appreciate some feedback or pointers - pitfalls to avoid, that sort of thing.
Cheers
nathj
推荐答案
_SESSION [''isLoggedIn'']。
6)如果细节错误,他们会转到一个页面,其中包含链接上的控件以请求新密码。
我应该说导航由数据库控制,用户详细信息也存储在数据库中。
我知道这是一个高级抽象,即使对于伪代码,但这个过程流听起来还不错吗?
我会非常感谢一些反馈或指点 - 要避免的陷阱,这类事情。
干杯
nathj
_SESSION[''isLoggedIn''].
6) If the details are wrong they go to a page with the controls on a link to request a new password.
I should say that the navigation is controlled by a database and the user details are also stored in a database.
I know that this is a high level of abstraction, even for pseudo code, but does this process flow sound ok?
I would really appreciate some feedback or pointers - pitfalls to avoid, that sort of thing.
Cheers
nathj
已更改线程标题,以更好地描述问题(你知道标题包含三个或更少的单词的线程实际得到FEWER响应吗?)。
Changed thread title to better describe the problem (did you know that threads whose titles contain three words or less actually get FEWER responses?).
你的过程似乎应该没问题。我使用的过程是:
1.用户通过表单提供凭证。
2.处理脚本在用户数据库中搜索该用户名和密码组合。
3.如果代码选择了一条记录,那么用户就会存在,并被重定向到你所在的地方希望他们去。
如果您提交到与表单相同的页面,只需执行以下检查:
[PHP] if(
Your process seems like it should be fine. The process that I use is:
1. User supplys credentials thru form.
2. Processing script searches the users database for that username and password combination.
3. If the code selects a record then the user exists and is redirected to where ever you want them to go.
if you are submitting to the same page as the form just do a check like:
[PHP]if(
这篇关于为站点设计登录过程的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
