ok, i need some basic security for a site.. nothing super fancy, but enough to keep anyone from view some stuff. The pages are already blocked from google etc indexing so for the most part, no one will even know they exist.
now, i think i have done this correctly... there is a login page.. wife enters user/pass
then it goes here and this is done first thing
and other pages have this:PHP Code:<?php
session_start();
$loggedin=FALSE;
if (isset($_SESSION['owner'])) {
if ($_SESSION['owner']=='xxxxxx') {
$loggedin=TRUE;
}
}
if (!$loggedin) {
if ($_POST['user']=='xxxxxx' && $_POST['pass']=='xxxxxx') {
$_SESSION['owner']='xxxxxx';
$loggedin=TRUE;
} else {
if (isset($_SESSION['attempt'])) {
$_SESSION['attempt']=$_SESSION['attempt']+1;
} else {
$_SESSION['attempt']=1;
}
if ($_SESSION['attempt'] > 4) {
header("location:http://google.com");
}
}
}
?>
is that good enough? I tried putting in wrong passwords and it seemed to work.. and tried going to pages without 'logging in' and it seemed to work... but being new to sessions... is this good enough?PHP Code:session_start();
$loggedin=FALSE;
if (isset($_SESSION['owner'])) {
if ($_SESSION['owner']=='xxxxxx') {
$loggedin=TRUE;
}
}
if (!$loggedin) {
header("location:index.html");
die('tsk tsk');
}
Thanks all!
Reply With Quote