Log-in / browsing rights is pretty complex, I am myself trying to figure
out a good way to do it.

Here is what I plan on coding for my website:

- User creates account; if he wants to be logged in permanently, a
permanent cookie is stored on the client's computer with username and
password only. (maybe do a basic encrypt on password?)

- User gets a request to log in, where he enters username+password, or
the script reads username and password directly from the cookie.

- The script checks the values against the users table of the database.
If everything is ok, then 

- The script creates an MD5 digest with the username, password and IP
address (or whatever combination) and writes to a table called "browsing"
the following information: User name, user access level, user IP address,
login date/time, last page view date/time and the MD5.

- The same MD5 is written in a temp cookie that gets deleted at the end
of the browser session, or the MD5 is passed through the script pages by a
hidden field or directly in the URL.

- When a user browses, it reads the MD5 from cookie or form and compares
to the browsing table to check if the user is logged in and has the right
permission to view the page.

- The browsing table gets cleaned every, let's say, 15 minutes by a
crontab that removes any row where the last page view is more than 15
minutes away. So if a user is static for more than 15 minutes, he'll
have to re-login or if the cookie is set the script will re-log him
automatically. 

This way a user that gets the cookie value of user and MD5 can only use
it if he has the same IP address, and can only use it within 10 minutes
of the last page view from the "real" user.

If anyone has comments on the above, please let me know!

Etienne

Erik van Huijgevoort wrote:
> 
> The code below is a part of a template that works in combination with a
> shop-script.
> I only want members to log in. Somewhere I need an escape when login and password are
> not right. Best is a page-jump to the former page. Who can help me? Please keep it
> simple, I am just a starter.
> 
> <eval>
>  use DBI;
>  my $dbh= DBI->connect("DBI:mysql:etc...,{'RaiseError' => 1});
> 
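>  # Placeholders (?) keep $login and $password out of the SQL text, and
>  # "=" instead of LIKE stops a "%" value from matching every account.
>  # All columns are read from member, the only table in FROM.
>  $sth = $dbh->prepare("SELECT member.login, member.password,
>  member.naam, member.adress, member.zipcode,
>  member.town, member.telefoon, member.email
>  FROM member
>  WHERE member.login = ?
>  AND member.password = ?");
>  $sth->execute($login, $password);
>  @dataarr = $sth->fetchrow_array;   # empty list when no row matches
>  $login=$dataarr[0];
>  $naam=$dataarr[2];                 # index 1 is the password column
>  $adress=$dataarr[3];
>  $zipcode=$dataarr[4];
>  $town=$dataarr[5];
>  $telefoon=$dataarr[6];
>  $email=$dataarr[7];
> 
>  $dbh->disconnect;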
> </eval>
> 
> Thanks in advance, you can also mail me.
> 
> Erik van Huijgevoort
> Holland
> [EMAIL PROTECTED]

-- 
Etienne Marcotte
Specifications Management - Quality Control
Imperial Tobacco Ltd. - Montreal (Qc) Canada
514.932.6161 x.4001
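
An added example, not part of the original message and written in Python rather than the thread's Perl so it runs on the standard library alone: the "browsing" table flow from the post above, with one labelled change, a random token stored as a SHA-256 hash in place of the MD5 of username, password and IP. The column names, the numeric access levels (higher means more access) and the in-memory SQLite database are assumptions.

```python
import hashlib
import secrets
import sqlite3

IDLE_LIMIT = 15 * 60  # seconds; the 15-minute idle window from the post

def open_db():
    db = sqlite3.connect(":memory:")  # assumption: stand-in for the site database
    db.execute("CREATE TABLE browsing (token_hash TEXT PRIMARY KEY, username TEXT,"
               " access_level INTEGER, ip TEXT, login_at REAL, last_view REAL)")
    return db

def _digest(token):
    # Only a hash of the token is stored, so a leaked table yields no usable cookies.
    return hashlib.sha256(token.encode()).hexdigest()

def start_session(db, username, access_level, ip, now):
    """Call after the password check succeeds; returns the session cookie value."""
    token = secrets.token_urlsafe(32)  # random, not derived from password or IP
    db.execute("INSERT INTO browsing VALUES (?, ?, ?, ?, ?, ?)",
               (_digest(token), username, access_level, ip, now, now))
    return token

def check_session(db, token, ip, required_level, now):
    """Return the username if the token is valid for this IP, level and idle window."""
    row = db.execute("SELECT username, access_level, ip, last_view FROM browsing"
                     " WHERE token_hash = ?", (_digest(token),)).fetchone()
    if row is None:
        return None
    username, level, bound_ip, last_view = row
    if now - last_view > IDLE_LIMIT:
        # Expire at lookup time too, in case the cron cleanup has not run yet.
        db.execute("DELETE FROM browsing WHERE token_hash = ?", (_digest(token),))
        return None
    if ip != bound_ip or level < required_level:
        return None
    db.execute("UPDATE browsing SET last_view = ? WHERE token_hash = ?",
               (now, _digest(token)))
    return username

def cleanup(db, now):
    """The periodic cron job: drop rows idle for longer than the limit."""
    cur = db.execute("DELETE FROM browsing WHERE ? - last_view > ?", (now, IDLE_LIMIT))
    return cur.rowcount
```
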
