login/registration feature in a website

[sogate]

---

Hi guys,

anybody please help.
i have a website and i'd like to add a "login/registration" feature where the website visitors can register and login whenever they want to access some of my files because i would like the files to be just available for the members who registered. please help on how to go about it - like the requirements, the codes, etc.
thanx in advance!!!

[psyche54]

Things you must consider

Registration Form

- USER ID, PASSWORD, REAL NAME, CONFIRMED EMAIL ADDRESS, and other details...

Confirmation

- You must verify if the email address given is valid, mail a link to confirm his/her registration details

Login/Logout Process

- Probably you will be dealing with $_SESSION values to retain and keep user_id's all throughout your site.
- You can store session values either to client's local machine, or store and keep session in your server's dbase...

Tables & Fields

- Tables & fields would depend on what you require from the registrants. The most important one is user credentials (USER ID & Password)
- For password fields, make it sure that its one way encrypted (eg. MD5 algorithm)

Others:

Use of SSL certificate

- for greater security, you may use SSL certificates to encrypt pages when user navigates through your private contents. If you are using APACHE as a web server, then you can use OPENSSL to implement SSL/TLS protocols.

- You may have a self signed certificate or buy from third party vendors (Verisign, etc.)


Few of my opinions though... Daghan experts diri, so more help would be coming soon...

[salbahis]

sakto ang giingon ni psyche54....

filesharing site?, what if i bookmarked the direct link of the file?, that would bypass login...

[psyche54]

sakto ang giingon ni psyche54....

filesharing site?, what if i bookmarked the direct link of the file?, that would bypass login...

The most practical thing to do is set no. of minutes for your session (either User ID, Session Id, SESSION TTLs, etc) values to expire and redirect them to the Login/Authentication page when session values has expired...

Sample code on Session Aging:

>>>

<?php
session_start();
$inactive = 900; //Value in seconds
if(isset($_SESSION['timeout'])) {
$session_life = time() - $_SESSION['timeout'];
if($session_life > $inactive) {
unset($_SESSION['USER_ID']); unset($_SESSION['BRANCHID']); unset($_SESSION['timeout']);
header("Location: login.inc.php") //Your authentication page
} else {
// Do whatev er you want here...
}
?>

<<<<<

on the login page, you must get the time you logged in and store it into a session (eg. "$_SESSION['timeout'] = time();" ), para magamit na nga session value throughout your secured pages to age whatever session you keep...