Posted by Ben Allen on 11/15/62 11:22
Iluke wrote:
> My recommendation would be for you to do it through a .htaccess file. Most
> web hosts will give you the ability to do this through your admin, but you
> can do it by hand easily - do a google on it.
>
> The problem with .htaccess files though, is, you get a naff looking box pop
> up asking for your username and password. If you want to be able to design
> the form you fill out, then a POST form will do the trick. This is how I've
> written (what I hope are) secure admins.
>
> At the very top of every page put: session_start(); - look at php.net for
> documentation on PHP sessions if you're unsure what they are.
>
> Have PHP create a new session variable when the password and username are
> correct. e.g.:
>
> if ($_POST['pass'] == "s2132t163" && $_POST['user'] == "me") {
> $_SESSION['adminlogin'] = "yes";
> }
>
> On each page that needs to be protected, put this line before any content is
> printed:
>
> if (!isset($_SESSION['adminlogin'])) { die("Unauthorised access"); }
>
> Having this means if the session variable hasn't been created, the page
> won't load past this point and an 'unauthorised' message will display.
>
> Ka kite,
> Luke
>
>
>
Thanks for your replies everyone. My host can do .htaccess which I
completely forgot about, although I don't like the pop-up boxes either.
Anyone know of any security issues doing it Luke's way? I may do it this
way, or use .htaccess.
Thanks,
Ben
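
Added example, not part of either post: a hardened variant of the session check Luke describes, relevant to the question about security issues with that approach. It assumes PHP 7.3 or later; the helper names `attempt_login` and `require_admin`, the constant `ADMIN_USER` and the sample password are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical names and constructed sample values throughout.
const ADMIN_USER = 'me';
// Computed here so the file runs on its own; in a deployment, run
// password_hash() once and keep only the resulting hash in configuration.
$adminHash = password_hash('constructed-sample-password', PASSWORD_DEFAULT);

function attempt_login(array $post, string $hash): bool
{
    $user = $post['user'] ?? '';
    $pass = $post['pass'] ?? '';
    // Reject arrays and other non-string input rather than comparing loosely.
    if (!is_string($user) || !is_string($pass)) {
        return false;
    }
    // Verify the password even when the username is wrong, so both paths
    // do the same amount of work.
    $passOk = password_verify($pass, $hash);
    $userOk = hash_equals(ADMIN_USER, $user);
    if (!($userOk && $passOk)) {
        return false;
    }
    // Issue a fresh session id at login so an id set before login is discarded.
    session_regenerate_id(true);
    $_SESSION['adminlogin'] = true;
    return true;
}

function require_admin(): void
{
    // Strict check on the value, not just isset().
    if (($_SESSION['adminlogin'] ?? false) !== true) {
        http_response_code(403);
        exit('Unauthorised access');
    }
}

// Cookie flags: not readable from JavaScript, not sent cross-site.
// Add 'cookie_secure' => true when the site is served over HTTPS.
session_start(['cookie_httponly' => true, 'cookie_samesite' => 'Strict',
               'use_strict_mode' => true]);

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    attempt_login($_POST, $adminHash);
}
require_admin(); // everything below this line is admin-only
echo 'Admin page content';
```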