I have recommended time and again Charles Miller to be the perfect best Method "remember me" functionality on a site (if you really want actually that feature is what I need). However, I have scratch on the web and I can not find the real PHP / MySQL code implementing your solution, and use "Remember Me" In relation to "security" about an gazillion was emphasized about time, I'm scared to scare myself to scare it that I will misunderstand something or make a mistake As a result, massive security holes Oga. Since their solution is approximately 10 years old and if it happens that permanent login cookies, there are definitely some vetted PHP / MySQL code that can be correctly installed without any unexpected security hole Follows the solution. (The closest thing was that I had a Drupal module, but I do not use droplets.) Does anyone know where I can find it? After reading a question on Stack Overflow I, writing a PHP / MySQL implementation of Charles Miller's SAP, Have been motivated to help? ??? Continuous Login Cookie Best Practices ??? For this tutorial, I believe that you can already get a PHP system with user login. First of all, when you sign in to store the session in a cookie, we will have to update the site. This code will go with your current login system. Secondly, we want to check whether there is a new user cookie credentials on the site. This code checks at the beginning of your code, first, are we already logged into our $ _SESSION? If not, try a cookie-based login. Thirdly, according to Charles Miller's article, if we can not allow a user to log in to the following sections cookies: Code: To get all the code for checkout permanently at: There are some changes with this persistentAuth class that you have to do to get an example of your database back to getDB () The function has to be changed. IA ???? In this example, using PDOs I have set it to refresh every page, clear the database of old sessions, the best way to handle it is to use a cron if you set a cronon USE_CRON flag Change to Class Settings in
If the (/ * code that confirms credentials) / / // ... persistentAuth :: login ($ userId) for user logs in session session; }
If (/ *! Login) * / & amp; amp; ($ userId = PersistentAuth :: cookieLogin ()) {//. For $ US $ user}
If the user is logged in through the cookie (PersistentAuth :: isCookieLogin ()) and this section does not have access to the section, we need to ask them about the password, perhaps some login page But send them to? Ask for a TODO password or send it to a password page}
No comments:
Post a Comment