David Johansen wrote:
> I'm new to this php thing and I would like to set up a web page were the
> users can login and edit their preferences and all that stuff. I have the
> basic login stuff worked out and I was passing the username and password as
> a hidden input in the form, but then the password can be seen with view
> source. I know that there's a better way to do this, so could someone point
> me to a good tutorial or example on how I could make it so that the user
> could login and logout and then I wouldn't need to be passing the password
> all around like this. Thanks,
> Dave
For me, the all round best approach to usernames and passwords is to use
http authentication. Then the browser, or whatever's at the other end of
the web, takes care of storing usernames and passwords for you, with the
full knowledge that it is storing a username and password.
The big downside is that you have so little control over how the login
looks, all you get to set is the "domain" name.
The plus sides are that your users will certainly be familiar with the prompts,
it looks professional and you get all the benefits of automatic standards
compatibility. For example, I was amazed to find when I was doing a wml
version of a script that my existing http authentication worked fine on a
mobile
phone, with no changes to the code at all.
I'd go into more detail, but if you've already done your login page, I guess
you've
already made your mind up. ;(
Good luck anyway,
George
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
