• Howdy! Welcome to our community of more than 130.000 members devoted to web hosting. This is a great place to get special offers from web hosts and post your own requests or ads. To start posting sign up here. Cheers! /Peo, FreeWebSpace.net

PHP & Cookies ; MySQL & Passwords

Cheap Bastard

New Member
I guess this is a double question...

PHP & Cookies:
i've done a search and i found this page:
http://www.spoono.com/tutorials/php/cookies/
it looks great, simple, and easy. But... It looks too simple. It just seems as if it's supposed to be harder. I mean, that can't be all... Or is it?

Also, how do you make sure a cookie remains even if the user closes the browser... (like the cookie for vBulletin), i don't want it to go away (like the cookie for phpBB).

MySQL & Passwords:
(with PHP)
I've heard something about a hash password or something...
What size does the field in MySQL have to be... Is a tinytext suitable for this purpose? What's the longest possible password to store? (needed to set the max for the password input box in the form for signup). Should this be stored in the cookie?
Also, what's the best way to keep 'authentication' between pages?

Thanks fella's (lotsa questions, huh)
 

Woofcat

New Member
the setcookie() function has problems with some browsers, so i'd recommend doing them yourself with header() instead...

header('Set-Cookie: cookie=whatever; expires=Tue, 19 Jan 2038 03:14:07 GMT; path=/');

would set $cookie to whatever... and stay even if browser is closed (until jan 19 2038 anyway)...

if you use mysql's password() function it doesn't matter how long the actual password is, it always returns a 16 character long string, so best store it in a char(16) field...

you keep authentication with cookies... storing the password in a cookie isn't the most secure thing in the world but should be good enough... best to use a randomly generated token...
 

Cheap Bastard

New Member
I see... Would it be safe enough to store the
$cookies_password_value = password($users_password);
in the cookie though? I mean, that should be safe enough, right?
 

Cheap Bastard

New Member
also, how would i put multiple values in one cookie?
I could do
header('Set-Cookie: cookie[user]=$cookie_user; expires=Tue, 19 Jan 2038 03:14:07 GMT; path=/');
header('Set-Cookie: cookie[pass]=$cookie_pass; expires=Tue, 19 Jan 2038 03:14:07 GMT; path=/');
but it just seems like... hmm... "overkill"

Also, how would i check for a cookie?
if(!$cookie[user] && !$cookie[pass])
//login page...
else
// whatever
 
Top