how to create a login module

i have to create a login module (The question is not language specific) but i am not sure how will i validate the user. Where and how will i store the passwords. Will i have to encrypt and decrypt my passwords and if yes what are the best suggested way to do them. Overall i need to know what all things i need to take care of for developing a login module where a user can login securely to access my site.

Answers


You don't need to decrypt your passwords in order to validate them, just one way encryption works fine for this. The idea is that when a user enters a password, you encrypt it the same way (using the same algorithm and "salt") and then compare with the encrypted one stored in your database. If they are equal, with a great probability it means it's the same original password. Thus you prevent anyone - the adminstrator or any attacker - from knowing the original passwords users use on your web site.

As for the rest, it's very simple, you have a table in your database which contains user logins, encrypted passwords, and possibly some profile information as well (full name, etc).

I usually use the following function to hash user passwords:

$password_hash = sha1(MY_SALT_1 . $login_name . MY_SALT_2 .
    $password . MY_SALT_3);

where MY_SALT_* are arbitrary predefined strings, could be e.g. 'the dark', 'side of', 'the moon' (or actually the less related - the better).


Need Your Help

Building a web site with photo uploading possibilities with node.js

node.js mongodb module

I'm new into Node.js and my intention is to build a web site similar (but way less complex) than Imgur, where uploading images is possible by dragging photos from desktop to the browser.

XML Schema (XSD) validation tool?

xml validation xsd schema

At the office we are currently writing an application that will generate XML files against a schema that we were given. We have the schema in an .XSD file.

About UNIX Resources Network

Original, collect and organize Developers related documents, information and materials, contains jQuery, Html, CSS, MySQL, .NET, ASP.NET, SQL, objective-c, iPhone, Ruby on Rails, C, SQL Server, Ruby, Arrays, Regex, ASP.NET MVC, WPF, XML, Ajax, DataBase, and so on.