|
-
Apr 16th, 2003, 09:53 PM
#1
Thread Starter
Hyperactive Member
admin script...
im working on my admin script and was wondering if you guys could help me figure out how to secure it? i dont know how to go about doing this. the page im working on only needs one user and that is for the administrator. but i dont know how to go about doing it to make it so they login to edit the page. please help.
-
Apr 17th, 2003, 11:38 AM
#2
Frenzied Member
cookies? sessions? info from db. a lot of ways to do it. given a long box and once logged in than it searches the db to find that login and if found it creates a cookie or lets them in.
-
Apr 17th, 2003, 07:30 PM
#3
Thread Starter
Hyperactive Member
well could you help me do it with sessions?
-
Apr 17th, 2003, 08:53 PM
#4
Frenzied Member
after then log in from the form and you check against a db, then do this
<?
session_start(); // has to be first line of evey page you use sessions on.
//set teh session variable
$_SESSION["user"] = $valuefromdb;
than on every page you want them on just check for that variable
echo $_SESION["user'];
not hard
-
Apr 17th, 2003, 09:49 PM
#5
Thread Starter
Hyperactive Member
well, i dont have any of it done. i dont know where to begin for my login...i have a database and a table, then i have a user and password encrypted in md5, i think i know how to check it...
if ($_SESSION["user"] = $row['admin_name']) {
//my code
} else {
echo "login";
}
but how would i check for the correct username and then check for the correct password?
-
Apr 18th, 2003, 03:14 PM
#6
Frenzied Member
simple, like this
after you login you check the it like this
PHP Code:
if ($_POST["submit"] OR $_SESSION["username"]){
if ($_SESSION["username"]){
$useradmin = $_SESSION["useradmin"];
$password = $_SESSION["pass"];
} else {
$useradmin = $_POST["user"]; // from form in login
$password = md5($_POST["pass"]); // form login form
}
$result = mysql_query("select * from table where adminname = '$useradmin' AND pass = '$password'");
if (mysql_num_rows($result){
// do your code here if found
}
} else {
// do login form here
}
I am sure I left out some stuff, but you should see the jist of it. now once the login is true and you find the useranme in teh db make sure you set your session to teh stuff in teh db. so the password in the session is encrypted as it comes from the db.
see it is all easy
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote