09 9 / 2011
Login System Done!
Logging in on to glorbi is probably one of the safest login scripts I’ve ever written! When you login, it stores a large array of data in our database, and checks this data against even more pre-stored values, and variables running in sessions and cookies all around our site!
So much so, that on every single page, we run about 13 checks to make sure, you’re you, and your data won’t be compromised. In all, we have 3 pages that handle login, login.php, which processes the login, sessions.php which registers the session, and auth.php to make sure everything is working just right. :)
After all that, you’re logged in, and you gain access to home, as you. Once you logout, what we wrote about in the last post, then happens!
Funny how we’re putting so much effort in to all this! We haven’t even got to the core platform yet! Who knows how long and secure that’s going to be ;)
Permalink 28 notes
08 9 / 2011
sessions.php is very very complex.
The session id system we’ve integrated to keep our users safe from any sort of hacks, is looking so be so secure, so complicated, that we have 5 cookies, 7 sessions, and we’re encrypting all our session data with special cryptography tools.
We randomly generate 2 IDs, get the username, IP address, and user agent, save them all in an encrypted cookie, upload those values to our database cross reference those values with our sessions, cookies, database, and an external table value, so as to keep the system flawless.
The sessions system is only half done, and it’s already over 400 lines of PHP. :) we’ll finish it off tomorrow, then move on!
08 9 / 2011
[Done]: Uber Complex Login Script
Well, that’s one script re-written! The login script for glorbi, is so complex, that I can hardly comprehend it without writing it all down in a web of scribbles. Well, I think it’s safe to say, that unless you can hack multiple encrypted cookies and sessions, whilst altering the encrypted data values from the database checks, all that occur in about 0.3 seconds, glorbi is safe from hackers. Just the login script is about 50 lines of PHP!
Right now, we’re going to move on to the sessions.php file, which will verify a session, check the cookies and sessions, and run a session id script, which will generate a unique code for every person that logs in, and verify that once more, on every page a user visits, with a session, a cookie, and a database check.
Permalink 23 notes