The “remember me” feature on user login forms (long-term persistent authentication) is one of the most common and convenient web authentication features. It allows the user to be constantly authenticated in the application without having to enter username and password in each session. The feature is based on cookies and handling cookie data in PHP. Since we are talking about authentication, security is important and any possible security issues and solutions will be covered in this tutorial.
PHP Articles
You will find articles covering all areas of PHP, including application architecture, functions, databases, tools, the latest PHP news, and insightful guides covering setup & installation and site operation.
Articles Sub-Categories: Application Architecture, Databases, News, Pear, PHP Functions, Setup & Installation, Site Operation, Tools, Tricks & Hacks.
Results via Envato Market
One of the most common security features during the user registration process is e-mail verification. It is important to create it according to industry best practices in order to avoid potential security risks. Let’s discuss these best practices and see how to create e-mail verification in PHP.
WebSocket is a relatively new technology that enables a persistent connection between client and server over TCP protocol. In other words, it allows bi-directional socket connections to a server, where both server and client can send the data at any time. This article will focus on WebSocket’s security issues and possible solutions to its vulnerabilities.
PHP has always had a few simple ways to implement password hashing to an extent. MD5 and SHA1 are examples of this, but the security of these methods is not what it should be. Many developers use MD5 and SHA1 without even adding a SALT, which is a string that helps to add complexity to the application. Some developers use something as awful as base 64 encoding and decoding simply because they can be easily manipulated. But these things are not secure folks, and the clever people who want to hack your site or steal your money can see right through them. Yes, they can.
The security of sensitive information such as login credentials of an employee is a topic which has always been addressed in every programming language. Learn more password encryption with the most common methods of passwords protection in PHP.
Two recently discovered PHP security flaws could allow an attacker to execute arbitrary code.
Learn how to create, receive and test a JWT in PHP.
JSON Web Token (JWT) is a JSON-based open standard used to create access tokens that assert some number of claims. In a palpable example, the JWT represents a key between a server-client relation: the server generates a token that has the claim “logged in as admin” and give it to a client, which could use that token to prove that is logged in as admin. The tokens are designed to be compact, URL-safe and can also be authenticated or encrypted.
Explore some of the most widely used design patterns: singleton, facade, decorator and factory.
Learn how to use Dice, a PHP dependency injection container that allows you to quickly and simply apply dependency injection techniques in your PHP code.
Dependency injection is a software design pattern that implements the inversion of a control concept for resolving dependencies. According to this concept, a class should not configure its dependencies statically, but should be configured from the outside. Learn about Dependency Injection and the main PHP containers/frameworks used in working with PHP.