PHP

Cookies and Sessions: Where to start & creating a secure log in

Hi!

Forgive me, I may have been looking in the wrong place but I can't find any Treehouse material on sessions and cookies.

I'm looking to make a fairly secure admin section to a site which requires a login and I don't really know where to start. I can't use Laravel or similar frameworks/add-ons because the hosting doesn't support it.

I've found this article which looks pretty good, but it requires creating a separate log in database, which I don't have the luxury of. http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL

I have one db and can only access the public_html file on the server... So I guess it's never going to be Fort Knox!!

Any advice on where to start with sessions/cookies would be much appreciated! Maybe some fun exercises with things you can do.

If it makes a difference, I'm looking to lock down one specific directory - similar to WordPress's wp-admin, I want to lock down the site/admin directory only.

Thanks :-)

p.s. I've considered the user table I'd need and have come up with these columns:

Name, Username, Email, Password, Account Created, Last Login, Remember Me

Does this sound about right?

7 Answers

Well, right now they use OAuth, and that's a little bit complex to explain; just Google it. But most common, I think, is sessions, and if the user decides to save his password, most often he can check the "remember me" checkbox and then you can register a cookie ;)

Although this video is very old:

http://code.tutsplus.com/articles/how-to-build-a-login-system-for-a-simple-website--net-2853

It did help me start a simple login page with a 'secured' page behind it.

For hashing passwords and connecting to MySQL the most 'properest / up to date' explanation I could find is:

https://phpbestpractices.org/

I have not found anything that explains sessions well (or anything I could understand well : /) yet. But will post here if I do.

To remove session cookies and destroy sessions I am going to try example #1 - Destroying a session with $_SESSION:

http://ca3.php.net/session_destroy

(From the PHP manual)

Thomas Cawthorn, hi there,

It's fair enough to create a users table like you yourself suggested, except for the 'remember me' column; you can remove that.

Okay, let's talk about cookies and sessions. The most important thing is the idea behind sessions and cookies. Sessions only exist for your browser's life cycle, so if you close your browser your sessions are expired. Cookies, on the other hand, will stay as long as you want them to, but the downside of this approach is of course that there is a chance that others can retrieve your user's cookies and sign in with their credentials. That's a quick story about sessions and cookies, and they both have their advantages and disadvantages.

So you want to create a login.

My first advice would be to try to play with sessions and cookies and check how they're working. After that, start to make a simple form with username and password and check if you can store the session of the username. After that, you can check if you can communicate with your database and retrieve information.

If you have problems with anything, just ask it here in the column and I'm sure people will help you.

Good luck!
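A session-based login for a single /admin directory backed by one `users` table, as discussed in this thread, including the session teardown from the PHP manual's `session_destroy` example mentioned above. This is an added example, not code from any poster; the `password_hash` column, the function names, `/admin/login.php` and the demo account are assumptions, and the in-memory SQLite database is a constructed stand-in for the site's MySQL database.

```php
<?php
// Added example, not code from the thread. Assumed names: the password_hash
// column, the helper functions, /admin/login.php and the demo account.
function start_admin_session(): void {
    session_set_cookie_params([
        'path'     => '/admin',  // cookie is only sent for the admin area
        'secure'   => true,      // HTTPS only
        'httponly' => true,      // hidden from JavaScript
        'samesite' => 'Strict',
    ]);
    session_start();
}

function attempt_login(PDO $db, string $username, string $password): bool {
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    // The table stores password_hash() output, never the password itself.
    if ($user === false || !password_verify($password, $user['password_hash'])) {
        return false;
    }
    session_regenerate_id(true); // fresh ID at login, so a pre-login ID is useless
    $_SESSION['user_id'] = (int) $user['id'];
    return true;
}

function require_login(): void { // call at the top of every page under /admin
    if (empty($_SESSION['user_id'])) {
        header('Location: /admin/login.php');
        exit;
    }
}

function logout(): void {
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}

if (PHP_SAPI === 'cli') { // constructed demo: in-memory SQLite stands in for MySQL
    $db = new PDO('sqlite::memory:');
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)');
    $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
       ->execute(['admin', password_hash('demo-password', PASSWORD_DEFAULT)]);
    start_admin_session();
    $results = [attempt_login($db, 'admin', 'wrong'), attempt_login($db, 'admin', 'demo-password')];
    var_dump($results);
}
```

On the real site, each page in the admin directory would call `start_admin_session()` and then `require_login()` before producing any output.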

Nice one, thanks Navid Mirzaie Milani !

On pro websites, what would the main function for sessions be? Is it something to do with data tracking or is that cookies?

What do you mean? I don't understand.

Sorry, what I'm trying to say is:

In the real world, what are the most common uses for cookies and what are the most common uses for sessions?

I'm looking for a good place to start on registration and login with PHP and MySQL.