Comments on: Creating a Secure Login System the Right Way

By: Chris

Chris — Sun, 05 Feb 2012 10:13:23 +0000

A great starting point. Thanks a bunch!

By: Ollie

Ollie — Sun, 05 Feb 2012 05:17:37 +0000

This evening I’ve been researching secure login and registration practices and this one is exactly what I’ve been looking for — great well written article. Thanks

By: qamar

qamar — Sat, 28 Jan 2012 15:31:49 +0000

Nice tutorial, You have a great way of making things simple.
cheers

By: David H

David H — Sat, 28 Jan 2012 07:25:18 +0000

Terrific article. I was able to get this going very quickly.

By: Tinsley

Tinsley — Fri, 27 Jan 2012 19:27:26 +0000

Don’t use cookies. Cookies are stored client side and are sent to the server with each request. Session data is stored on the server. Out of the box PHP uses a cookie to identify each user with their particular session, but this does not allow session data to be manipulated; storing all of the data in cookies would.

What do you mean by multiple logins? Do you mean having multiple users logged into your site at once? If so the answer is yes, you can use sessions.

By: Iosif Miclaus

Iosif Miclaus — Fri, 27 Jan 2012 18:57:00 +0000

Hello there

I really like this article and will surely help me with some security issues i currently have for my project.

I still have a “small” question, that you might be able to answer:
What if I need multiple logins at the same time? Can i still use the $_SESSION variable or should I use $_COOKIE insead?

I hope you can help me

Sincerely,
I.M.

By: mordof

mordof — Mon, 24 Oct 2011 22:22:59 +0000

Nice Glad you say no to this, heh. Prevents people from just copy+pasting and having no idea what they’re doing ^-^.

By: Dennis

Dennis — Tue, 18 Oct 2011 14:40:36 +0000

This article is the best so far, Thinsley, Please keep up and post or upload more tutorials, you giveaway very useful information.

By: Tinsley

Tinsley — Thu, 18 Aug 2011 20:34:12 +0000

What I meant by that is that you shouldn’t be redirecting users from page to page if you don’t have to. The php file that generates your login form should be the same one that processes the data. This way if there is an error (ie incorrect password) you don’t have to redirect the user back to the login.

By: derp

derp — Thu, 18 Aug 2011 13:25:24 +0000

really nice tutorial, was very helpful! Could you be a liitle more specific on this: ” I don’t recommend, for example, using header() to bounce your users around to different pages”

What methods are recommended?

By: Johnson

Johnson — Sat, 06 Aug 2011 16:22:46 +0000

Thank you for the tutorial!

I had my login system already but I had doubts if it was secure or not. This helped me make the system a little more secure.

By: Karl

Karl — Mon, 01 Aug 2011 17:41:08 +0000

I completely disagree with John, this is a great article and id like to thank you for the time and effort you put into writing this. I knew the basics of sessions and logging in with databases etc, but had no idea how to do a salted password. this has helped so greatly. Thank you very much!

By: Tinsley

Tinsley — Sun, 31 Jul 2011 00:57:11 +0000

I’m sorry you feel that way but when I wrote this my goal wasn’t to teach people programming 101 and how to create a login system. If you can’t figure out where to close the PHP tags you need to learn the basics first.

By: John

John — Sun, 31 Jul 2011 00:44:58 +0000

I find this completely useless and a waste of time. You never mentioned where to save stuff and where to close the php tags and so on. I think this was just stupid.

Kind Regards,

John

By: Tinsley

Tinsley — Thu, 28 Jul 2011 23:06:11 +0000

What’s to stop you from using an email as a username?