Re: [PHP] Help with authentication 'design'

You may want to check out PEAR::LiveUser http://pear.php.net/package-info.php?pacid=126 http://projects.21st-hq.de/liveuser/ A very complete / multilevel authentication package. Get the latest source from CVS as the source on pear site is a bit outdated. olinux --- "Clarkson, Nick" <[EMAIL PROT

Re: [PHP] Help with authentication 'design'

> I've searched the archives, bit it's not helping me much purely because it's > not specific PHP code I'm after, but rather help with a login system design. > So far I've got a PHP_AUTH based login which checks against a MySQL > database, and if the user's details are correct it updates the databa

RE: [PHP] Help with authentication 'design'

ld be appreciated. Thanks, Nick -Original Message- From: Peter Hicks [mailto:[EMAIL PROTECTED]] Sent: 18 February 2003 14:43 To: Clarkson, Nick Cc: '[EMAIL PROTECTED]' Subject: RE: [PHP] Help with authentication 'design' Nick, md5 is a hashing function, not an encry

RE: [PHP] Help with authentication 'design'

Nick, md5 is a hashing function, not an encryption function. You need anti-replay if you want the password transfer to be secure On Tue, 18 Feb 2003, Clarkson, Nick wrote: > Would this pass both variables in clear text back to the server ? If so > would it be better to do this; > > [cut] > > W

RE: [PHP] Help with authentication 'design'

Oops, just remembered something else; are PHP_AUTH_USER and PHP_AUTH_PW handled at the client side or sent in clear text back to the server for processing ? Basically what I'm doing is once they are set is doing a select from a database like so; $result=mysql_query("SELECT * FROM users WHERE user