Sr. Web Developer
mediabistro.com
US-NY-New York

Justtechjobs.com Post A Job | Post A Resume

Comments for: tim20000505

Message # 1028482:
Date: 06/07/05 23:03
By: surferdude
Subject: RE: security - cookies, sessions md5

hi all

Need some advice really - hope you can help.

Im thinkin of writing a php flatfile database script & would like to know what is the best method to use.

Please not it has to be a flatfile so no sql involved.
Also please dont go into reg globals as they are off! ;0(

i have a flatfile script that saves the session on the server

basically when a member logs in it writes a text file in a dir, when they visit another member page the script checks to see if that session file is there before showing the content.

the only way of distroying the session is to click 'logout' when that is done the file on the server is unlinked (deleted), ending the session & forcing login action.

this is a bit of a pain to be honest and i want to try another bay of creating the session.

so i guess im askin ya'll, which of the following might be the better option

1. setcookies with md5 (is it really secure enough??)

or

2. session_start();

or any others you might know of.

I would also like to know this:

Is it really a good idea to get the users IP address as a form of authorization ??

How whould that work for peeps with dial up modems - am i right in assuming that every time they connect thier ip is diffrent??

so if they registered with

for example

ip = 80:23:54:67

and loged in the next day with

ip = 80:23:78:23

this would force the script to disallow that user from loggin in

hmmmm - my head hurts lol

please help

Previous Message | Next Message


Comments:
user login phpmuzaffer05/13/08 04:09
How to upgrade this code!John MacDowall09/23/07 10:48
How to implement this!John MacDowall09/23/07 10:46
single sign-on for usersIvy08/15/07 06:01
Creating a LogIn System & Search CapabilitiesRitesh Jaiswal08/11/07 05:12
RE: Security Problems + Solutionscarburetor12/20/05 11:17
RE: Error with undefined variables/IndexRamesh Pagar10/11/05 10:41
RE: Add adress, zip code, country and date of birros07/12/05 02:03
How do I integrate this into my site?John Smith06/15/05 15:50
RE: security - cookies, sessions md5surferdude06/07/05 23:03
Passing Data / Submit to DBMike05/07/05 15:21
RE: Security Problems + SolutionsDerek Hinch03/22/05 14:01
How to do final Submit for 3 register pages xl40203/16/05 18:22
PLEASE I NEED CODESAMT02/20/05 09:45
How to create my own session in PHP?Amudhan11/30/04 00:41
RE: Secure??Derek Hinch11/13/04 00:21
RE: Secure??merouane05/15/04 22:45
Needs reworking for globals offPhilip Shaddock05/09/04 11:44
good lessonmrscript12/28/03 21:06
more secureUrban Soot11/07/03 17:55
RE: Security Problems + SolutionsLFTL07/06/03 01:51
"Uncrackable" - CorrectionTim Perdue04/25/03 21:01
Sourceforge and This Codejohnleemk04/17/03 07:56
RE: Security Problems + SolutionsDerek Hinch04/15/03 00:00
RE: IIS vulnerability for this kind of login systDerek Hinch04/14/03 23:46
Self Proclaimed Un CrackableDerek Hinch04/14/03 23:38
RE: Security Problems + SolutionsDerek Hinch04/14/03 23:36
RE: Security Problems + SolutionsMasonry02/26/03 21:46
IIS vulnerability for this kind of login systDennis Gearon02/26/03 13:29
RE: Error with undefined variables... please helpBrent02/11/03 22:38
Its not perfectRoss Clarke01/04/03 18:13
RE: Cannot add header information - headers alreahelping a bit12/27/02 07:59
RE: Security Problems + SolutionsLFTL12/23/02 01:13
RE: Security Problems + SolutionsDerek Hinch12/17/02 22:30
Security Problems + SolutionsRick Blommers10/21/02 03:04
Internet Usage AccountNITIN10/11/02 13:17
How to create a userHow to create a user10/07/02 14:13
I don't think these works any moreDamian Gibbs10/03/02 19:27
Looking for pre.phpJohnV09/30/02 20:48
Adding Credit Card to Login?JohnV09/26/02 00:29
problem with if ($submit)Andreas Frejborn09/03/02 15:31
RE: md5 is NOT secure.Sami08/23/02 22:13
Double or triple md5SinisterShade [n]ice08/11/02 10:08
more secure / timeoutben7708/01/02 12:12
md5 is NOT secure.Derek Hinch07/15/02 20:38
php script for adduser on linux system jake07/15/02 10:13
help add to pagesdwolf07/12/02 22:28
Logging in ProblemPaul Wardzynski07/10/02 04:15
security holeSebastian Bertho07/05/02 10:37
RE: You are logged in as* \ You are not logged inMichael06/30/02 10:56
PHP4 and Global Env VarsWarezMonkey06/21/02 12:39
Access LevelsRajesh06/17/02 08:53
RE: What have I done wrong???Carlos06/14/02 17:15
Combining this system with .htaccess?Torbjřrn06/11/02 14:53
Please change passwrod in changepass.phpshanda06/05/02 07:41
cookie problems?Florian05/31/02 22:28
RE: md5 cracking....might wanna update this tutorkybosh05/23/02 11:22
Include database.php?Samuel L. Diaz Munoz05/07/02 00:32
RE: Cannot add header information - headers alreaJan Lund05/04/02 13:52
SSL? Are you people crazy?Derek Hinch04/29/02 23:52
md5 cracking....might wanna update this tutorDerek Hinch04/29/02 23:47
Cannot add header information - headers alreaalex04/29/02 12:30
mail problemptitprince04/25/02 11:35
problem : setcookieptitprince04/25/02 11:34
RE: What have I done wrong???Andreas04/18/02 04:30
What have I done wrong???Andreas04/17/02 13:59
How can I search for different fields Ava04/13/02 19:22
looking for php e-mail server sourcemuffaddal04/09/02 02:49
a recomendation...Ramon Pineda Vazquez04/09/02 01:08
RE: I don't think it is very securerdo04/07/02 19:18
Creating a users directoryJames04/05/02 21:42
What do I do next?Mehul04/05/02 14:42
Password change using PHPGautam04/05/02 01:38
RE: Code Snippetred04/04/02 19:47
Using an Image?!?! I dont know!!James04/03/02 01:50
Code Snippetheyrad03/28/02 11:44
extending cookie session to apacheLewis Shobbrook03/27/02 17:26
Better authentication...md5 not neccessary.Derek Hinch03/26/02 13:08
RE: Login to a different pageTierra03/26/02 09:03
Login to a different pageCarol03/24/02 16:02
Multiple user with different rightsDenj03/19/02 23:51
Multiple location loginAdrian03/14/02 06:59
What about an admin interface?Arne03/08/02 07:24
RE: Putting users into GroupsMarc02/27/02 20:39
Putting users into GroupsKen Weide02/26/02 12:20
RE: I don't think it is very securePaul Milligan02/24/02 11:32
I don't think it is very secureDaniel02/22/02 14:00
Users that is logged in?Jonny Johansson02/20/02 15:54
RE: What Goes Into Each Page? John Hocking02/19/02 23:07
RE: Header Already Sent - setcookiegmt02/17/02 12:06
What Goes Into Each Page? Randy02/07/02 17:11
RE: E-mailing out of PHPMads Andersen02/05/02 16:19
Get User InformationRiley02/02/02 19:52
Help in setting up.Sharapov01/09/02 22:53
How to get user info for multi client loginAnant12/11/01 20:14
Authenticating using auto_prepend_file Mark Hoover12/10/01 13:39
questionsmohamad mahdi 12/09/01 14:14
RE: Header Already Sent - setcookieKen A12/08/01 13:47
RE: database.php for PostgreSQLDustin Dortch11/26/01 20:52
RE: Big Problem -- FoundDave11/26/01 09:08
Big ProblemDave11/25/01 19:19
RE: Errors with this user auth systemtoby folwick11/20/01 22:03
eeg! what about a flat file?toby folwick11/20/01 22:01
New ErrorsDave G.11/18/01 17:16
Errors with this user auth systemDan11/18/01 02:02
RE: "log in permanently" optionphpbigot11/17/01 12:09
Creating a select option Sean C11/14/01 22:40
RE: lostpass.phpSean C11/14/01 16:51
RE: lostpass.phpwilmoss11/13/01 15:16
RE: Protection Pages!!Ray11/13/01 14:44
RE: Protect your pages this way.... UNSECURE!Eric Hanuise11/12/01 16:52
RE: What now???bryan11/12/01 16:23
RE: lostpass.phpjazz11/10/01 02:20
RE: Add adress, zip code, country and date of birSean C11/07/01 19:04
lostpass.phpSean C11/06/01 20:35
RE: Add adress, zip code, country and date of birLuc11/02/01 17:43
RE: Add adress, zip code, country and date of birSean C.10/31/01 08:24
Help with PHPPhil10/29/01 12:44
This script rocks....Paul D10/29/01 04:09
Improve on a good idea...Benjamin Smith10/26/01 13:06
RE: Header Already Sent - setcookiePreston Stone10/13/01 01:20
RE: MySQLSteven C10/11/01 19:30
Header Already Sent - setcookiekoejkje10/09/01 20:22
RE: MySQLDaniel10/09/01 19:10
RE: Would this work and be secure?Daniel10/08/01 20:26
RE: "log in permanently" optionPreston Stone10/08/01 13:07
MySQLSteven C10/04/01 07:58
RE: Protection Pages!!Preston Stone10/03/01 23:50
RE: Tight security that does not rely on IPsBaruch Even09/28/01 19:19
RE: Dynamic Extension for mor Userdata to inputLuc09/26/01 09:31
RE: How do you actually implement this? - NewAli Driver09/26/01 04:42
Dynamic Extension for mor Userdata to inputFrank Zehelein09/23/01 16:45
"log in permanently" optionPreston Stone09/21/01 09:08
RE: Unix username and passwordstorm09/13/01 07:10
Variable ErrorsJacques Grové09/11/01 06:28
How do you actually implement this? - NewbieJacques Grové09/11/01 05:28
forgot PasswordKang Cypen09/11/01 03:44
RE: fast method.. but very unsecureOOzy09/10/01 23:28
Protection Pages!!Giuseppe09/06/01 11:02
error auth.incRonald Joson08/22/01 15:46
Would this work and be secure?rulian08/17/01 20:50
excellentted08/11/01 10:19
utils.php in authentication app missingHarry Hobson08/06/01 11:13
Can't get if is/not logged in to work.Shadowhunter08/04/01 21:26
RE: Unix username and passwordJesse Charbneau08/04/01 17:06
Web Authentication articleBaruch Even07/17/01 01:29
Tight security that does not rely on IPsMatt07/14/01 18:31
RE: Added securityMatt07/14/01 17:23
RE: Protect your pages this way.....Urs Gehrig07/11/01 04:03
Staying Logged In...marquese07/09/01 14:39
RE: Unix username and passwordJacob06/27/01 23:00
E-mailing out of PHPTroy Delagardelle06/27/01 18:47
RE: Added securityRael Daruszka06/24/01 21:15
RE: Protect your pages this way.....Luc06/24/01 11:21
RE: session variablesMark06/18/01 08:13
RE: Unix username and passwordMark06/18/01 07:51
login/logoffKalium06/18/01 05:57
Tim's code in a nutshellSocheat06/16/01 11:51
RE: Protect your pages this way.....Baruch Even06/10/01 10:01
readme.txtGonzalo Jeldrez05/31/01 13:16
Creating a readme.txtGonzalo Jeldrez05/28/01 13:41
session variablesAndy05/28/01 11:53
readme.txtGonzalo Jeldrez05/23/01 14:33
Unix username and passwordSommai Fongnamthip05/20/01 22:47
FrameForwarding, ImplementationTobias05/02/01 15:23
RE: Added securityMaarten Robben04/25/01 06:38
Adding FieldsBen Blackmore04/24/01 08:59
Weird ErrorBen Blackmore04/24/01 08:48
RE: security beneath PHPMark Bruk04/21/01 21:14
RE: Added securityMark Bruk04/21/01 21:07
Usernamesam04/18/01 03:33
RE: Secure?Jim04/17/01 18:10
Added securityMaarten Robben04/17/01 10:24
phortify problem Please help asaptim sharpe04/14/01 16:18
Login for displayed over and over.Scott Peshak04/04/01 20:40
security beneath PHPMark03/30/01 02:13
RE: (In)Security: I am interestedMax03/21/01 14:35
RE: Logging offReepa03/07/01 21:17
How do i.....?Marcellino Bommezijn03/07/01 15:44
Logging offGerry03/07/01 10:15
Scale image...Eskil Keskikangas03/06/01 11:43
RE: What now???Michael Jensen03/05/01 14:37
open sourceMilton Moraga03/01/01 08:46
Error with undefined variables... please helpAndy02/28/01 22:21
What now???Brian Grayless02/28/01 12:44
how to use?jaxon02/24/01 13:08
RE: mail deliverySimon Pritchard02/21/01 19:19
RE: (In)SecurityAndreas Heintze02/19/01 14:23
RE: database.php for PostgreSQLDustin Dortch02/19/01 13:45
database.php for PostgreSQLDustin Dortch02/16/01 07:01
RE: multiple users with same emailDustin Dortch02/03/01 11:23
Variables can be passed by argumentJulien01/24/01 04:14
Me again - Password, and then some.Shawn 01/19/01 03:15
RE: You are logged in as* \ You are not logged inJason01/18/01 21:43
RE: You are logged in as* \ You are not logged inShawn 01/18/01 14:02
RE: You are logged in as* \ You are not logged inSteve01/18/01 12:53
You are logged in as* \ You are not logged inShawn (MobileBadBoy)01/17/01 23:21
multiple users with same emailSteve01/16/01 07:40
Setup and RequirementsEric Crist01/14/01 23:45
Is there an oracle version?Jimmy01/10/01 19:15
Making it more secure ?cyril01/10/01 02:55
RE: utils.php?Henning01/07/01 18:43
Why "text" as column type?Henning01/07/01 17:12
RE: utils.php?Henning01/05/01 22:45
RE: another version of this system - easy setupHenning01/05/01 22:44
RE: (In)Security: I am interestedBaruch Even01/02/01 08:30
RE: (In)Security: I am interestedPeter Armstrong01/01/01 13:24
RE: (In)SecurityAdam Woodbeck01/01/01 12:54
(In)SecurityBaruch Even12/29/00 09:29
RE: Secure??Baruch Even12/29/00 09:17
mail deliveryTom12/28/00 11:01
RE: make pages look for cookieJoost Wilbrink12/09/00 11:50
RE: Secure??Leo West12/06/00 08:57
RE: Another Error please helpMandy11/24/00 02:20
RE: fast method.. but very unsecureJohn10/27/00 19:26
cookie answergmt10/26/00 23:59
cookiesgmt10/26/00 20:59
cookiesgmt10/26/00 20:58
cookiesgmt10/26/00 20:24
user logoutgmt10/26/00 19:38
RE: Check for Login - Answered Myselfbeginner10/23/00 04:43
How To Grab User Information From Database ?Yves Modert10/12/00 13:14
how to restrict users from a particular dirgmt10/11/00 21:51
RE: Protect your pages this way.....nicola10/09/00 04:06
RE: fast method.. but very unsecureMichael Park10/01/00 12:42
RE: fast method.. but very unsecureAmit Chakradeo09/28/00 21:05
unable to loginJason Archibald09/23/00 18:13
E-mail of the userYves Modert09/16/00 08:12
fast method.. but very unsecureMichael Park09/07/00 10:29
thank you!thomas cos09/01/00 14:21
Protect your pages this way.....Jeff Radcliffe08/31/00 12:05
Add adress, zip code, country and date of birYves Modert08/31/00 03:01
RE: Secure??Bernd Eßmann08/29/00 06:56
RE: return_to function - AnswerDave Van Camp08/24/00 03:04
RE: return_to function - More answer.Patrick08/24/00 02:46
RE: return_to function - AnswerPatrick08/24/00 02:42
return_to functionDave Van Camp08/24/00 02:20
RE: Correction- Answered MyselfPatrick08/23/00 01:42
Check for Login - Answered MyselfPatrick08/23/00 01:40
Check for LoginPatrick08/18/00 21:41
Check for LoginPatrick08/18/00 21:31
phortify to be bornphilip olson08/17/00 15:00
RE: Another Error please helpAmit Chakradeo08/14/00 23:36
RE: Another Error please helpdavid08/14/00 15:49
RE: Another Error please helpAmit Chakradeo08/13/00 23:05
Does anyone monitor this board?Rhyan08/13/00 15:53
Another Error please helpRhyan08/12/00 18:26
Help Please, ErrorRhyan08/12/00 18:18
bug in script?Toni Suokas08/12/00 15:42
User TrackingRhyan08/10/00 19:40
User TrackingRhyan08/10/00 19:28
Secure??Fabio Venuti08/08/00 17:30
Found pre.php in "Pretty Source File"David Cann08/08/00 16:16
missing info in pre.php?David Cann08/06/00 23:37
sessionjeroen08/05/00 05:19
RE: utils.php? found it.Tim Perdue, PHPBuilder.com07/29/00 23:35
RE: utils.php? found it.Max Hammond07/27/00 09:32
RE: utils.php? found it.philip olson07/26/00 21:10
RE: make pages look for cookieAaron Nikula07/21/00 13:28
RE: philip olson (utils.php?) doh!philip olson07/15/00 14:12
philip olsonphilip olson07/15/00 14:06
utils.php?Alex Darke07/14/00 22:01
Secure?tom07/14/00 06:24
php for linuxPerry07/12/00 10:29
make pages look for cookiechad nantais07/10/00 02:49
another version of this system - easy setupphilip olson07/03/00 19:54
genereal comment about site!Daan07/03/00 16:50
Logging the username in Apache Log AUTH fieldJohn S Huggins07/03/00 16:00
 

If you are looking for help, please post on the appropriate forum here. Your questions will be answered much more quickly.

Add A Comment:

Name:

Email:

Subject:

Message:

To reduce spam posts, messages are now manually approved

You are not [logged in]. That means your account will not get credit for this post.