I'm starting to write a login interface using PHP and I need to know some of  
the hazards that I need to watch out for.

A couple of issues I was wondering about are the encryption used, how to  
store (MySQL, XML, etc.), and how the session control works (how do I know it's  
the same user that has been logged in from page to page).

I was thinking of simply using SHA when I store the username and passwords  
to store the hash (without storing the actual password). I was going to use  
MySQL but was thinking maybe I could just use XML or a text file since it  
doesn't need anything special. The MySQL might be more secure in this  
respect though and it's probably easier. I'm just worried about security.

The session stuff I think can be taken care of with the sessions object?

I haven't programmed in PHP before but it seems pretty much just like C/C++  
except for a few silly syntaxes. I'd rather program in ASP because the tools  
are very nice and sophisticated but PHP is much more cost efficient.

Trying to get a solid outline in my head so I can start programming. The  
main thing I'm worried about is security for the login information. I figure  
using a text file on the server in a private directory would do a good job  
and I wouldn't have to worry about SQL injection attacks on it.

Any ideas?


