Security

lennalf

I've only just recently started learning how to write PHP. I've developed a program with half a dozen php files, some of which are for displaying a database in the web and the rest of which are for editing the database. What is an easy and secure way to protect the admin. stuff? I already have it in one folder so I am considering just using .htaccess, but that's a lousy solution if I can learn some more php skills. Your suggestions are appreciated, thanks!

autumn

you could create a php include file that will first check the username/pass against an encrypted database password then create a cookie.

Then by placing this include file on every page, the site can check to see if the right person is logged in - if not it kicks them back to the login page. Of course you would have to create a random string that's stored in the cookie and again in the database. That's how the system knows if you're logged in or not.

Check www.hotscripts.com there are plenty of tutorials and scripts for doing this if you can't be bothered writing it from scratch. 😉