DoubleZedRed
Gawd
- Joined
- Jan 12, 2009
- Messages
- 849
What's considered a prudent approach for handling DB based user authentication with PHP?
say, I've got login.php which has a username and password field and a submit button... when i click submit it uses POST to submit those fields to some sort of authentication page... how can i open the initial connection to the DB to allow the authentication without storing a username/password in the file?
I considered having it redirect if the referrer isn't the localhost, but that doesn't prevent spoofing or wget does it?
say, I've got login.php which has a username and password field and a submit button... when i click submit it uses POST to submit those fields to some sort of authentication page... how can i open the initial connection to the DB to allow the authentication without storing a username/password in the file?
I considered having it redirect if the referrer isn't the localhost, but that doesn't prevent spoofing or wget does it?