Programming Forums - View Single Post

Jimbo · Dec 14th, 2007, 12:54 AM

The problem with a JavaScript login system is that anyone can see the JavaScript. They can also turn it off. They can also overwrite it to return whatever they want. That's the problem with trusting the client - you can't.

Using PHP on the other hand, the user has to input values and those are validated on the server - which the user [hopefully] has no control over. This is why PHP logins are more secure. With PHP (or another server-side language), you can also use a database to store login information, so it's a ton more scalable as well.

That said, your PHP code is incorrect. You need to make the comparison for both strings, not just one. The if statement will probably work with any username so long as the password is "admin".

Dec 14th, 2007, 12:54 AM	#5
Jimbo Battle Programmer Join Date: Feb 2006 Location: Bellevue, WA, USA Posts: 748 Rep Power: 3	Re: login system The problem with a JavaScript login system is that anyone can see the JavaScript. They can also turn it off. They can also overwrite it to return whatever they want. That's the problem with trusting the client - you can't. Using PHP on the other hand, the user has to input values and those are validated on the server - which the user [hopefully] has no control over. This is why PHP logins are more secure. With PHP (or another server-side language), you can also use a database to store login information, so it's a ton more scalable as well. That said, your PHP code is incorrect. You need to make the comparison for both strings, not just one. The if statement will probably work with any username so long as the password is "admin". __________________ <insert disclaimer here> <insert shameless plug for Visual Studio here>