how to build secure log-in for a site

[pagetta]

I know i asked a question related to CMS last week this is a bit more specific though. I only really have experience with front end web design - i am ok with php in terms of includes, forms etc but have not had any experience with databases etc.

however i am potentially looking to add a 'log-in' section to a website where you can view pictures, access a diary, find a contact list etc.

if i were to use a CMS to build this site (eg word press or joomla seem to be highly recommended here) is this something that i can have on the site with these - basically is there a 'cheats' way to do this or will i have to knuckle down and study and do the programming myself??

any advice very much appreciated as always, thank you.

[le_gber]

If you build your site using Dreamweaver, you can get point-and-click login function as an extension (or even built-in in recent versions).

Otherwise there are loads of tutorials on getting a login set up. I particularly like this one from evolt:
http://www.evolt.org/PHP-Login-Syste...Admin-Features

[varun8211]

I would do it for you for no cost. let me know

Varun B
http://www.galaxyweblinks.com

[drumdance]

I've been using Drupal a lot for the past 18 months and am happy with it. It's got tons of modules and built-in authentication.

That said, you may find WordPress or Joomla easier to use or a better fit. I recommend checking them all out first.

Drupal is at http://www.drupal.org

[southplatte]

Hi pagetta!

If you are using a CMS system, many of them already have user management and authentication built in, so the bulk of the hard work is done, especially in something like Drupal or Joomla. You can set access to certain modules, such as a photo album on a per user or per group basis in many of them.

Wordpress, on the other hand being more for blogging and not necessarily a community type environment that Drupal, Joomla, and Mambo are, may require additional plugins and/or custom programming to accomplish the same type of situation.

In the case of not using a CMS based solution and programming your own, the tutorial that le_gber points is good, and there are many others that are available by searching in Google or on some of the code repository sites.

Also, as stated, the most current version of Dreamweaver has built in user authentication behviors that you can implement fairly easily for PHP as well as ASP. I believe Dreamweaver MX 2004 had it built in and in MX and prior versions there was an add-on extension that you could download from the extension site to add these behaviors.

If you are going to make the foray into more PHP coding, I would recommend taking a look at some of the books and online resources available to get some good database priming first as it is paramount in creating user authentication systems, as well as learning about secure session and cookie management which is highly critical in the process.

[dean]

If you just want the secure log-in, this script is good and fairly easy to set up:
http://phpsecurelogin.emage.de/index.html

[Clint1]

Pagetta, I don't see where anyone mentioned cPanel and you didn't mention anything about it having to be secure. If your site is hosted using cPanel software you can do this under the "Web protect" area. You can require a page or folder to require a login with a user and password.

[pagetta]

Hi thanks for your replies I am thinking that a CMS might be the best way forward as the site is for a scout group and so they will not want to be paying me to update things every week, with a content management system someone can go in and update the site and add photos as necessary.

Is mambo or joomla something where parents & scouts could register then have a log-in to the photos and contact list etc?

I will read through those tutorials as well though as I would like to learn more in this area anyway.

[DrTandem1]

Sounds like you just want a personal section for friends and family. Why not simply password protect a directory?

[pagetta]

what is the best method to use to do this? i have tried a htaccess and htpasswd method but can't get it to work just getting internal misconfiguration

[Clint1]

Quote:

Originally Posted by pagetta

what is the best method to use to do this? i have tried a htaccess and htpasswd method but can't get it to work just getting internal misconfiguration

I answered that in my post above. ;)

[southplatte]

Quote:

Originally Posted by pagetta

what is the best method to use to do this? i have tried a htaccess and htpasswd method but can't get it to work just getting internal misconfiguration

I would say if you are leaning towards a CMS to allow them to update the site, then just use the built in authentication in the CMS. Most, if not all, will have a method to restrict access to certain modules based upon user or group.

Trying to setup the .htaccess mehtod works as well, however to add users, you have to add them to the system or add them to the .htaccess/.htpasswd files properly, which is not very feasible in many cases, where the CMS allows you, or any administrator on the CMS to add users, or the users to register and add themselves.

Clint points out using cPanel, which if you or the web site owner have this on the hosting platform, would work as well. It is merely a nice graphical way to setup the .htpaccess/.htpasswd files.

[zbatia]

I guess, the simplest method is to use the cPanel feature as it was mentioned earlier. You don't have to know anything about .htaccess, just assign the protected directory and the password. It works immediately after your settings changed.