|
|
Posted by d on 03/29/06 16:58
"Neal Middlemore" <neal.middlemoreh@tbaesystems.com> wrote in message
news:442a8c91$1_1@glkas0286.greenlnk.net...
> Hi,
>
> I want to be able to add some simple security to one of my pages,
> basically my page allows users to submit a text field which gets parsed
> into MySQL db and displayed on other pages. At the moment anyone can
> submit text which opens the page to abuse. I don't want to implement a
> user login system. I had envisaged the addition of a password entry box
> which the Submit button checks against the db before proceeding, so if any
> user has the correct password then they can submit.
>
> Having never done password stuff before, could somebody please point me in
> the right direction?
You should use the <input type="password"> form input, and POST the data
(not GET) back to the form. Check the password field with your stored
password, and you know whether the user is cool or not :)
> Also, if I have the config data to connect to the mysql db in a PHP file
> on my server, can anybody just open it?
As long as the server isn't configured to allow it to be fed directly to the
user, you'll be safe.
> Thanks
>
> Neal
dave
Navigation:
[Reply to this message]
|