On Monday 16 April 2001 20:41, you wrote:
> I'm looking for comments on this one. I'm developing a site that
> will have user logins on it. What's the best way to do this? What to
> store, and how?
>
> - Are people more inclined to use a username when they need to log
> in to something, or would asking for an email (as the userID) be
> better?
Use usernames. Some people have email addresses with about 50 chars
(students at my uni, e.g., get one like [EMAIL PROTECTED]). Nobody
likes to type that each time to log in.
> - How about storing passwords? All of this info will be stored in
> a MySQL DB. How do admins generally do this type of stuff?
> Encrypt the password stored in the DB, and decrypt it on the fly
> to compare? Store it in plain text? Or store it encrypted,
> and when the user logs in, encrypt that passwd (from the form)
> and compare the strings? (not sure if the latter would work)
The last one, with a one-way encryption function like md5(). That way (1)
passwords are stored encrypted and (2) encrypted passwords cannot be
decrypted again. And yes, it does work.
> - What about sending people passwords through email? Like when
> someone signs up the first time, they supply a passwd. How do
> people feel about sending that login information to the user in
> plain text via email? Or do you?
That's ok. At least there are no real alternatives yet.
> - What about when the user forgets their login? Just fetch the
> info from DB and mail it out to the (registered) email address?
Yup
--
Christian Reiniger
LGDC Webmaster (http://sunsite.dk/lgdc/)
"Never doubt that a small group of thoughtful, committed people can
change the world...
Indeed, it's the only thing that ever has."
- Margaret Mead
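
The store-hashed, hash-the-form-input-and-compare flow discussed above, as an added example that is not part of the original email: it uses PHP's password_hash() and password_verify() (per-user salt, deliberately slow hash) in place of the bare md5() the reply names, and an in-memory array as a stand-in for the MySQL table. The function names and sample credentials are assumptions made for illustration.

```php
<?php
// Added example: constructed in-memory user table standing in for the MySQL table.
$users = [];

// Computed once so a login attempt for an unknown username does the same
// hashing work as one for a known username.
$dummyHash = password_hash('placeholder-not-a-real-password', PASSWORD_DEFAULT);

function register_user(array &$users, string $username, string $password): bool
{
    if (isset($users[$username])) {
        return false;                       // username already taken
    }
    // Store only the salted one-way hash, never the password itself.
    $users[$username] = password_hash($password, PASSWORD_DEFAULT);
    return true;
}

function check_login(array &$users, string $dummyHash, string $username, string $password): bool
{
    $known  = isset($users[$username]);
    $stored = $known ? $users[$username] : $dummyHash;
    // password_verify() re-hashes the submitted password using the salt and
    // cost embedded in $stored, then compares the results in constant time.
    $ok = password_verify($password, $stored) && $known;
    if ($ok && password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        // Upgrade the stored hash when the default algorithm or cost changes.
        $users[$username] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $ok;
}

// Constructed sample credentials.
register_user($users, 'alice', 'correct horse battery staple');

var_dump(check_login($users, $dummyHash, 'alice', 'correct horse battery staple'));
var_dump(check_login($users, $dummyHash, 'alice', 'wrong guess'));
var_dump(check_login($users, $dummyHash, 'mallory', 'anything'));

// The stored value is a hash string, not the password.
var_dump(strpos($users['alice'], 'correct horse') === false);
```

Because only the hash is stored, the site has nothing to look up and mail out when a user forgets a password; with this storage scheme the password can only be replaced, not retrieved.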
--
PHP General Mailing List (http://www.php.net/)