is this tutorial's securty good?

**raptrex** · 11-15-2007, 08:01 PM

im wondering if the security of the script in this tutorial is still good since this article was written 3 years ago
http://www.evolt.org/PHP-Login-Syste...Admin-Features

if not, could someone point me to one that is pretty secure

**rogem002** · 11-16-2007, 11:40 AM

Most of it is last version PHP/MySQL. But using the comments/code would be nice, but some updating is needed.

**gspx** · 11-17-2007, 11:21 AM

Looks good to me, and i've been making my own php login stuff

I didn't see anything on encrypting the users passwords though, you might like to try MD5 storing them and using the php md5 function to check against them, like
md5($pass) or somethign similar, i think..

**metho** · 11-17-2007, 07:17 PM

Quote:

Originally Posted by gspx

I didn't see anything on encrypting the users passwords though, you might like to try MD5 storing them and using the php md5 function

CREATE TABLE users (
username varchar(30) primary key,
password varchar(32),
userid varchar(32),
userlevel tinyint(1) unsigned not null,
email varchar(50),
timestamp int(11) unsigned not null
);

"password varchar(32)" - 32chars? md5 you think?

"$result = $database->confirmUserPass($subuser, md5($subpass));" - yup.

"if($database->addNewUser($subuser, md5($subpass), $subemail))" - md5 all the way.

It's a very solid user_auth system, as you'd expect from evolt; they dont post a lot of crap.