Safety - login

I have just connected my login and that's all set up; just questioning, as this is for a business, what the best way to validate safety is.

Also, how do I get a page to recognise if someone has logged in so they don't go straight to the location address once known? Session cookie? IF statement? Have no clue.

And how do I stop duplicate logins, as I can 'sign up' with the same login details as many times as I want; it just adds to the database.

A lot to answer, if you can give me any advice on any of it…

Thanks.

OK, first question: how to check if someone is logged in.

The best way I have found to do this is to generate a uniqid() for a user WHEN they log in. You then save this in a database and a matching one inside a cookie, and each time they load a page, check to see if the cookie exists and search the database for a matching one; then you can compare it to the member info.

To stop duplicate usernames:
Simply do a search query on your database when someone registers. If it exists, return an error, else let them through.

An Extra note:
Keep your users data secure. Use salt+hash and you should be good. Personally I do this:
Password = User input
Salt1 = Constant
Salt2 = Constant
Salt3 = Username

Password = Salt1.Password.Salt2
Password = md5(Salt1.Password.Salt2)

Salt1 = md5(Salt1)
Salt2 = md5(Salt2)
Salt3 = md5(Username)

Password = NewSalt1.Password.NewSalt2 <-- Notice the password here is the hashed one above
Password = md5(Password) <-- Password here is direct line above
Password = Salt3.Password
Password = md5(Password) <-- now hashed with username as well.

This prevents someone using rainbow tables to work out people's passwords if they get hold of your database.
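
The three points from the reply above (a login token held in both a cookie and the database, rejecting duplicate usernames, and storing passwords hashed), as an added example that is not part of the original thread. It assumes PHP with PDO and an in-memory SQLite database, uses hypothetical table and function names, and swaps in PHP's password_hash()/password_verify() for the md5 chain and random_bytes() for uniqid().

```php
<?php
// Added example: schema, function names and the SQLite database are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL UNIQUE, pw_hash TEXT NOT NULL)');
$db->exec('CREATE TABLE sessions (token_hash TEXT PRIMARY KEY, user_id INTEGER NOT NULL, expires INTEGER NOT NULL)');

function register(PDO $db, string $username, string $password): bool {
    try { // the UNIQUE constraint rejects duplicates even if two sign-ups race
        $stmt = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
        $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
        return true;
    } catch (PDOException $e) {
        if ((string)$e->getCode() === '23000') return false; // integrity violation: name taken
        throw $e;
    }
}

function login(PDO $db, string $username, string $password): ?string {
    $stmt = $db->prepare('SELECT id, pw_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['pw_hash'])) return null;
    $token = bin2hex(random_bytes(32)); // unpredictable token from the CSPRNG
    $db->prepare('INSERT INTO sessions (token_hash, user_id, expires) VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), $row['id'], time() + 3600]);
    // On a real page: setcookie('auth', $token, ['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
    return $token; // only the SHA-256 of the token is stored server-side
}

function currentUserId(PDO $db, ?string $cookieToken): ?int {
    if ($cookieToken === null) return null; // no cookie: not logged in
    $stmt = $db->prepare('SELECT user_id FROM sessions WHERE token_hash = ? AND expires > ?');
    $stmt->execute([hash('sha256', $cookieToken), time()]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int)$id;
}

// Constructed demo: sign up, try the same name again, log in, then check two cookie values.
var_dump(register($db, 'alice', 'correct horse battery'));
var_dump(register($db, 'alice', 'another password'));
$token = login($db, 'alice', 'correct horse battery');
var_dump(currentUserId($db, $token));
var_dump(currentUserId($db, 'forged-cookie-value'));
```

Each protected page would call currentUserId() with the value of the cookie and redirect to the login page when it returns null.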

(same guy who asked)

OK thanks, I have added these and it's worked, cheers. Next step: Captcha (but on another day).

Thanks (get better responses on here than random Google searching).

I have a simple captcha in place as well which I can help you with. Feel free to PM me on that matter.
