I figured I wouldn't want to store plain text passwords in the database, but I was considering a "Forgot your password?" option in which it could be emailed. I suppose what I'll do instead is just use the hashed password and if someone forgot theirs, I'll write a random password generator to reset it and mail that instead.

And yes you're right, I will be using $_COOKIE to validate the user when they revisit the page by comparing the cookie value to the value in the database.

As for hashing the username, I was checking out phpBB and noticed when you log in it actually doesn't show your userid or autologinid as plain text so that's why I was considering hashing the username, just for cookie value. Thanks for the insight!

Armando

[EMAIL PROTECTED] wrote:
Shouldn't you have used the $_COOKIE global variable, considering it will be coming from a cookie?

Like so...

if ($password_md5 == md5($_COOKIE['password'])) {
    echo "password correct";
}

You shouldn't store plain passwords in a database - simple as that. As for hashing the username, not really sure there is a need for that.

Thanks

Tryst

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
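
The thread discusses validating a returning user by comparing a cookie value with a value in the database. The following is an added example, not code from either poster or from phpBB: one way to do that without putting the password or its hash in the cookie. The function names, the in-memory `$tokens` array standing in for a database table, and the 14-day lifetime are assumptions.

```php
<?php
// Added example: an in-memory array stands in for a database table (hypothetical schema).
$tokens = [];

// Issue a random auto-login token. Only a SHA-256 hash of the secret part is stored.
function issue_token(array &$tokens, int $userId, int $ttl = 1209600): string
{
    $selector  = bin2hex(random_bytes(8));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret part, never stored in clear
    $tokens[$selector] = [
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator),
        'expires' => time() + $ttl,
    ];
    return $selector . ':' . $validator;     // value to place in the cookie
}

// Return the user id for a valid cookie value, or null if it is unknown, expired or wrong.
function check_token(array &$tokens, string $cookie): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($tokens[$parts[0]])) {
        return null;
    }
    $row = $tokens[$parts[0]];
    if ($row['expires'] < time()) {
        unset($tokens[$parts[0]]);           // drop expired entries
        return null;
    }
    // hash_equals compares in constant time, unlike == on strings.
    if (!hash_equals($row['hash'], hash('sha256', $parts[1]))) {
        return null;
    }
    return $row['user_id'];
}

// Constructed sample run: user id 42 is an arbitrary value.
$cookie = issue_token($tokens, 42);
var_dump(check_token($tokens, $cookie));        // valid token
var_dump(check_token($tokens, $cookie . 'x'));  // tampered validator
var_dump(check_token($tokens, 'garbage'));      // malformed value
```

Because the database holds only a hash of a random value, a leaked table row cannot be replayed as a cookie, and a stolen cookie reveals nothing about the user's password.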
