Now this script does not use any external files to store user names and password as it opens up more security flaws for hackers, so everything is managed in an array within the PHP. If somebody was able to get a hold of your PHP file this will compromise things but the chances of that happening is fairly close to utilizing a database.

Features

• Utilizes cookies to give users ability to stay logged in across multiple pages
• Secure login algorithm mitigates hacking attempts

Drawbacks

Now by not utilizing a database there are some drawbacks and they are:

• Users cannot change password and user names manually
• Users can attempt login as many times as they want

With that said, it means that usernames and passwords must be managed by an admin. If this is still something for you. If this is not for you wait around because I will convert this script into a database version in the future.

Less Talk More Script

Installation:

Just download all the necessary files which includes:

• _login.php
• _login_page.php
• _login_class.php
• _login_users.php
• login.php
• logout.php

Once you put these in your root folder you need to edit the users and settings. Open up _login_users.php and you'll see:

Modify the domain code and three random numbers. The three random numbers is the key that makes login secure and unique to your website only. Then at the bottom you can create all of your users.

Now in every page that you require the user to login just add the following code to the very top of the page, exactly on line 1.

That's pretty much all you need to do to install the secure login script. The only other thing if you want is you can edit _login_page.php. That's the page people see when they need to login.

Login and Logout

You can lead users to login and logout with links to login.php and logout.php as such.

Displaying Macors

In this case the only macro you can call up is the username after they have logged in. You can call it in a welcome back message like this (placed in your HTML).

Download the files:
PHP Login Without Database.zip

So as we know the internet, we open up our favourite browser (Internet Explorer, Firefox, etc.) and we type in a website and BAM! we arrive at the website full of information. For this article I'll say there's three components in this situation – the browser, the website AND the connection between the both of them. When it comes to security over the internet all three of these components must be secured.

As a web developer or webmaster you are responsible for two of these components: the website and the connection. The browser resides in the user's computer so they have to take the proper measures to secure that (anit-virus, trojan, spamware blah blah blah). For you, the website requires a lot of things to be secured and we'll leave this for another discussion.

Three Paragraphs and Still No SSL Talk Yet

So the remaining component here is the connection. SSL's responsibility is to encrypt/secure the data transmitting between the browser and the website. Image this, you have a client who's trying to shout to you his credit card number, 100 meters away, in a busy mall. Neither your client or you is comfortable with this (well you might be if you're that type of person). If you had a real life SSL in this situation it would work like this. Everybody in the mall speaks English, so SSL will translate what your client is saying into French and emit it. You don't have to understand French because SSL will translate it back to you. So eventhough you're yelling sensitive information, nobody can understand what is being said except you and your client.

The internet now-a-days is not just about getting content. Its about interactions between users and websites or users and users. If a hacker is sitting at the connecting listening (sniffing) the information they can hear everything you're saying. Yes, they can hear everything from your credit card information to your secret crush in the next cubicle. Having a certified SSL connection means that security is tighter and mitigates anything like that from happening.

Note: How can you tell if the site you're on has SSL implemented? Websites with SSL implemented will lead you to a website starting with HTTPS://. Just look at the URL right now as Crankberry Blog doesn't have SSL it just says HTTP://. Not only does the site need to have HTTPS:// they also need to have to have the proper certificate. Your browser will tell you if they do or not. Here are some examples of certified SSL pages through different browsers.

Internet Explorer 7

Firefox

Chrome

Safari 4

Do I need SSL

Here you are developing your website and wondering if you need SSL on your site. Well ask yourself these questions. Do you have any user interaction? Is your interactions sensitive? If your answers are yes then you would most likely need SSL. If your site is people discussing about their secret crushes or how much people should FMyLife then you shouldn't be too concern. In addition, if you have users signing up for accounts, how much would be compromised if their account information gets in the hands of a hacker? Sometimes people sign up for accounts with real and sensitive information while sometimes they just give out a bogus alias. Here is a list of some examples where I believe SSL is required, not required or borderline.

Required

• Online Banking
• Payment transfers
• Classified postings with transaction information
• Government websites
• Employment information sites
• Company intranets
• Email accounts
• Auction sites

Not-Required

• General Forums
• Blogging
• Commenting systems
• Guestbooks

Border-line

• Social networking
• Exclusive Forums

So there you have it. A general outlook at what SSL is and how it may help you. If you were looking for something more technical, by this point you may have already been disappointed.