I've got a database that contains passwords... I'm able to learn how to see if the consumer has joined a legitimate account information once they click a login button but how do i have them drenched set for amounts of time.. For instance I just login to Facebook like once every 4 several weeks. I am presuming snacks have something related to it? Anybody possess some advice or clearness of considered to offer? I'd rather not make my customers log-in when they attempt to notice a page :) ahha!

When a user makes its way into their account information right into a form inside your site, validate the account information to become correct, after which set a $_SESSION data for that user's id to begin with. Then, on-page load, see if the $_SESSION information is set or otherwise, and when it's, the consumer is drenched in.

Also, if you are storing passwords, you should hash them up and salt them up and keep hashed passwords.

Some links and lessons on Hashing

http://phpsec.org/articles/2005/password-hashing.html

http://seanmonstar.com/post/707158385/a-basic-lesson-in-password-hashing

http://net.tutsplus.com/tutorials/php/understanding-hash-functions-and-keeping-passwords-safe/

http://www.codinghorror.com/blog/2007/09/rainbow-hash-cracking.html

http://www.codinghorror.com/blog/2009/05/i-just-logged-in-as-you-how-it-happened.html (go through codinghorror.com 's stuff. Perfectly written)

You will find two durable techniques of transporting variables. Periods and Snacks. Periods store user data around the server until they expire, and Snacks store data around the user's computer. Both periods and snacks have variable periods they last (climax simpler to create cookie expirations), however, you should educate yourself on:

http://php.net/manual/en/features.cookies.php

http://php.net/manual/en/features.sessions.php

Yes. While you assumed snacks is the greatest option. Keeping a session for any lengthy period is not recommended.

You are able to store user's information in snacks. For additional security you are able to secure them before saving. Might be with base64_decode()

For example see bellow code.

setcookie("USER",$userName,time()+ (3600 * 24 * 30 * 4));
setcookie("PWD", base64_encode($password),time()+ (3600 * 24 * 30 * 4));

Best of luck.

Prasad