Printable View
im working on my admin script and was wondering if you guys could help me figure out how to secure it? i dont know how to go about doing this. the page im working on only needs one user and that is for the administrator. but i dont know how to go about doing it to make it so they login to edit the page. please help.
cookies? sessions? info from db. a lot of ways to do it. given a long box and once logged in than it searches the db to find that login and if found it creates a cookie or lets them in.
well could you help me do it with sessions?
after then log in from the form and you check against a db, then do this
<?
session_start(); // has to be first line of evey page you use sessions on.
//set teh session variable
$_SESSION["user"] = $valuefromdb;
than on every page you want them on just check for that variable
echo $_SESION["user'];
not hard
well, i dont have any of it done. i dont know where to begin for my login...i have a database and a table, then i have a user and password encrypted in md5, i think i know how to check it...
if ($_SESSION["user"] = $row['admin_name']) {
//my code
} else {
echo "login";
}
but how would i check for the correct username and then check for the correct password?
simple, like this
after you login you check the it like this
I am sure I left out some stuff, but you should see the jist of it. now once the login is true and you find the useranme in teh db make sure you set your session to teh stuff in teh db. so the password in the session is encrypted as it comes from the db.PHP Code:if ($_POST["submit"] OR $_SESSION["username"]){
if ($_SESSION["username"]){
$useradmin = $_SESSION["useradmin"];
$password = $_SESSION["pass"];
} else {
$useradmin = $_POST["user"]; // from form in login
$password = md5($_POST["pass"]); // form login form
}
$result = mysql_query("select * from table where adminname = '$useradmin' AND pass = '$password'");
if (mysql_num_rows($result){
// do your code here if found
}
} else {
// do login form here
}
see it is all easy