在PHP简单的授权/登录功能 [英] simple authorisation / login capability in php
问题描述
我期待实现用户登录到我的网站的第一次。我很高兴要么建立自己的解决方案,或者实现一些开源的,但没有包已经在我搜索一个显而易见的选择至今。同样,我充分认识到,充其量中间PHP程序员,我极有可能错过了一些东西明显,如果我推出自己的解决方案,并留下了很好的门和真正开放的。
I'm looking to implement user login onto my site for the first time. I'm happy to either build my own solution, or implement something open source, however no package has been an obvious choice in my search so far. Equally, I'm fully aware that as an intermediate php programmer at best, I am highly likely to miss something obvious if I roll my own solution, and leave the doors well and truly open.
有什么建议?我们不是在这里谈论超级敏感或支付数据,但同样,我渴望没有让人们弄乱我的网站!
Any suggestions? We're not talking super sensitive or payment data here, but equally, I'm keen not to have people mess up my site!
的要求是
- 基于PHP的
- 简单越好,不需要花哨花俏
- 不Zend框架,因为我现在已经推出我自己很基本的frameworkthanks到<一个href=\"http://stackoverflow.com/questions/422250/php-framework-or-template-engine-or-something-else\">this帖子
谢谢你的投入。
推荐答案
几个不错的安全性疑难杂症的是
A few good security gotcha's are
- 绝不会存储一个未加密的口令的用户数据库中的
- 绝不会存储用户密码或会话或cookie数据的密码,即使散列。
- 如果您需要有确保登录的就是保证你必须使用https。
- never store the an un-encrypted users password in the database
- never store the users password or even a hash of the password in session or cookie data.
- If you need to have ensure that the login is secure you have to use https.
我发现这些文章很有帮助建立登录系统与饼干:
I found these article very helpful in building login systems with cookies:
- blog post on the fishbowl.
- Improved Persistent Login Cookie Best Practice
这篇关于在PHP简单的授权/登录功能的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
