I'm trying to make a login that will authenticate you for all of my "admin scripts" in the /admin directory. Here is the code for the two scripts. The first one is the login, the second one would be the script that helps me run my website and I don't want the script to run unless they've signed in. http://members.lycos.co.uk/macrocosm/login.phps and http://members.lycos.co.uk/macrocosm/test.phps
What can I do to the php code to make this system be safer?
I'm getting 404 errors on both of those links.
What I recommend for a reasonably-safe login would be sessions. The only information stored on the remote computer is the session ID, which is only unsafe in the manner that the ID can be essentially "stolen."
Whoops, my bad. Here, this should work better: http://members.lycos.co.uk/macrocosm/admin/
I use sessions, but people tell me they can still be spoofed and stuff or something...
Well, I didn't test your login yet... but I just had an idea.
Maybe you can check for both session & IP?
I mean store the IP when making each session... and then check it each time!
This should be nice enough, I guess.
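
The two suggestions in this thread (server-side sessions, plus storing the client IP in the session and checking it on every request) combined in one sketch. This is an added example, not code from the original posts or the linked scripts; the function names, the constructed credential and the cookie settings are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed sample credential; in practice load a stored hash from config or a database.
const ADMIN_USER = 'admin';
define('ADMIN_HASH', password_hash('constructed-sample-password', PASSWORD_DEFAULT));

// Hypothetical helper: start the session with a cookie scoped to /admin.
function start_admin_session(): void
{
    // The cookie is not readable from JavaScript and is only sent over HTTPS.
    session_set_cookie_params([
        'path'     => '/admin',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Strict',
    ]);
    session_start();
}

// Hypothetical helper: called by the login script with the submitted form values.
function admin_login(string $user, string $password): bool
{
    if (!hash_equals(ADMIN_USER, $user) || !password_verify($password, ADMIN_HASH)) {
        return false;
    }
    // Issue a fresh session ID at login so an ID captured or fixed earlier is useless.
    session_regenerate_id(true);
    $_SESSION['admin'] = true;
    $_SESSION['ip'] = $_SERVER['REMOTE_ADDR']; // the IP binding suggested in the thread
    return true;
}

// Hypothetical helper: refuse to run the admin script unless the session is valid.
function require_admin(): void
{
    $bound = $_SESSION['ip'] ?? '';
    if (empty($_SESSION['admin']) || !hash_equals($bound, $_SERVER['REMOTE_ADDR'] ?? '')) {
        // Missing login or a session replayed from another address: drop it and stop.
        $_SESSION = [];
        session_destroy();
        http_response_code(403);
        exit('Not signed in.');
    }
}

// At the top of every script in /admin, before any other code:
//   start_admin_session();
//   require_admin();
```

The IP check signs out legitimate users whose address changes mid-session (mobile networks, some proxies), and it does not distinguish two clients behind the same NAT address, so it supplements HTTPS and ID regeneration rather than replacing them.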