Ideas for new login system - suggestions please



stodge said:
My idea is to generate a random string (like a session id, or a random number) and store it in a cookie and store the random string, timestamp, username and password in a database table.

Then when the user returns to the site, the random string is retrieved from the cookie, and the login details are retrieved from the database.

This isn't exactly a "new login system". In fact, it's pretty much the universally accepted way of saving logins. Check your cookies, this very forum has stored a few "random string" cookies on your system exactly as you describe.

But congrats on figuring it out for yourself.
Ah, that makes more sense. No side effects, really. To my knowledge it's just as secure as a regular password (which isn't hugely secure, but "secure enough").

but in youre database you store only $user_auth;

$user_crypt=crypt ($user_name, $user_mail);
$user_auth =crypt ($user_crypt, $user_mail);

where crypt(<key>,<crypted word>)

if somebody trying to hack your system it's too long time to need this.

maby speed of auth not quick, but.....

good luck.
make a function which will
1. take the random string from the cookie
2. update the database time expiration for that string
3. delete all the string entries that are before the server time

Run this function just after session_start()

Hope that is what you want