Reply to Re: Protection of admin pages

Your name:

Reply:


Posted by J.O. Aho on 02/06/06 21:03

Dalibor wrote:
> How to protect administration pages from entering.
> I put login form on my start page (index.php), and if user put correct
> data, script redirect him on page admin/admin.php. That works fine!
> But if someone types in browser admin/admin.php it eneteres same page
> without login. How to prevent this?

When login in, save a session cookie and store the ip-number in the session,
on each page that require a login, you check if there is a session and that
the computer is connected from the ip it logged in from (makes it more
difficult to hijack a cookie/session).

another option is to use authentication made by the webserver, this will
require that the person who enters the the directory (and any subdirectories
too) to enter a login/password to be able to access the pages, this removes
you the need of making a special login for admin.


//Aho

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация