I'm looking for comments on this one. I'm developing a site that
will have user logins on it. What's the best way to do this? What to
store, and how?
- Are people more inclined to use a username when they need to log
in to something, or would asking for an email (as the userID) be
better?
- How about storing passwords? All of this info will be stored in
an MySQL DB. How do admins generally do this type of stuff?
Encrypt the password stored in the DB, and decrypt it on the fly
to compare? Store it in plain text? Or store it encrypted,
and when the user logs in, encrypt that passwd (from the form)
and compare the strings? (not sure if the latter would work)
- What about sending people passwords through email? Like when
someone signs up the first time, they supply a passwd. How do
people feel about sending that login information to the user in
plain text via email? Or do you?
- What about when the user forgets their login? Just fetch the
info from DB and mail it out to the (registered) email address?
Or, generate a new, generic one, mail that one out, and tell the
user to login and change it again?
Suggestions please.
AMK4
--
W |
| I haven't lost my mind; it's backed up on tape somewhere.
|____________________________________________________________________
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ashley M. Kirchner <mailto:[EMAIL PROTECTED]> . 303.442.6410 x130
SysAdmin / Websmith . 800.441.3873 x130
Photo Craft Laboratories, Inc. . eFax 248.671.0909
http://www.pcraft.com . 3550 Arapahoe Ave #6
.................. . . . . Boulder, CO 80303, USA
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
