PHP Classes

Secure login on Web site and database: My site has been hacked many times

Recommend this page to a friend!
  All requests RSS feed  >  Secure login on Web site and database  >  Request new recommendation  >  A request is featured when there is no good recommended package on the site when it is posted. Featured requests  >  No recommendations No recommendations  

Secure login on Web site and database

Edit

Picture of Chrisanthi Karademirtzoglou by Chrisanthi Karademirtzoglou - 8 years ago (2017-05-16)

My site has been hacked many times

This request is clear and relevant.
This request is not clear or is not relevant.

+2

My site has been hacked many times from diferent IPs and I would like a more secure login form in backend and frontend. I am still working on this site that is under construction and I will feel more safe if I can use a secure login solution.

  • 1 Clarification request

  • 1. Picture of Oleg Zorin by Oleg Zorin - 8 years ago (2017-05-23) Reply

    Secure login (including password storing) solution - it's a great idea, but...

    Probably problem little bit wider than you thought. There are several ways to get access to your site:

    1. Someone has login and password. It's normal situation - each registered user has login and password.
    2. Someone stole you database and decrupt password hash. First thing you should to do is change database password. Second - check all you queries to database, use PDO with placeholders (prepare-execute statements).
    3. Someone has FTP access to you site. If someone has FTP access, he could easily stole your DB, but much more better is to implode some code, which authorize anyone as administrator. So, first thing - change FTP password. Second - check you code on "bad code" injections. Use Git or something.
    4. Someone use system exploit. If you use some third party CMS or framework - update it till last version. If it is you own system - test it carefully.

    As you said your site is under construction. So, is it possible to work on local server? And only after product release (including all tests) upload it on hosting.

    Ask clarification

    1 Recommendation

    PHP Secure Login and Registration: Register and login users in a database with PDO

    This class can register and login users in a database with PDO. It can:

    - Register users sending confirmation email
    - The user accounts have a unique email, password, first and last name are stored in database table using PDO. It was tested to work with at least MySQL, PostgreSQL and SQLite.
    - The user password is hashed before storing using password_hash function
    - Activate account with verification code sent by email
    - Perform secure login authentication using sessions and password_hash again to check the password
    - It can block users after a configurable limit number of login attempts
    - Logout users ending sessions
    This recommendation solves the problem.
    This recommendation does not solve the problem.

    +2

    Picture of Manuel Lemos by Manuel Lemos Reputation 26695 - 8 years ago (2017-05-18) Comment

    This package can be used precisely for that, provide a secure registration and login system with records stored in a database.

    Recommend package
    : 
    :