Re: Authentication and Login
if I was you...
forget about storing the IP address, if their IP address changes they will end up having to login again.
use a cookie, store the user name, and store and hash of the password.
then you can check the authenticity of the user, effectively logging them on each time. nobody could fake that cookie unless the stole the hash, or knew the password to create a hash.
(if you're not comfortable storing the hash that's in the database for user login then you might store a hash of the hash, or a specific hash that's salted differently to how you usually store the passwords.)
so I log in with username + password
in my cookie I get userID + hash of password
each time the page refreshes you check the DB to ensure that the userID and password hash match properly.
I didn’t fight my way to the top of the food chain to be a vegetarian…
Im sick of people saying 'dont waste paper'. If trees wanted to live, they'd all carry guns.
"The inherent vice of capitalism is the unequal sharing of blessings; The inherent vice of socialism is the equal sharing of miseries."