Quote:Original post by BUnzaga
One thing I was thinking I could try. Keep in mind, I am new to this, so this might be a dumb idea. I was thinking I could generate a sha1(microtime()) session ID and then check this after every command. If the user trys to login again, then the session ID won't match.

Is this already done in some way? Am I just making it too hard?

I was thinking that you could just use session_id along with the PHP session code. You'll still need the "login TTL" logic though.

But then again, I don't really know much about PHP.

Hey thanks for those awesome function examples Rycross!

As far as the user name and password, when the account is created, it is stored on the server as sha1(), similar to what other people have done. Then when the user logs in, I just check the hash to hash comparison.

Are you saying that I should somehow hash the password BEFORE it is passed to the login.php script?

I'm very new to php/mySQL, but I am pretty good at programming in general.

Thanks for the help!

Awesome hplus0603, I added that link to my favorites and I just read through it all. I'll be referencing it as I continue my game design.