Security?

n00854180t

I have a user login system that uses a db. It's really not secure though. See to edit a users information I just used a URL variable to display a link that will take them to the edit page so they can edit their info, but anyone that is not a complete idiot can just substitute the id number and they will be able to get any of the other users' info. How can I make it so that it is more secure?

DigitalExpl0it

one ez way is to use cookies, and check for the cookies.. if no cookie then no enter to pages..

emubilover

what if cookie is disabled? deny the user access??

DigitalExpl0it

yup

or use sessions

planetsim

Id use both. Session and Cookie, that way,if cookies, work they dont require to login again, and secondly. Sessions are a good way of tracking the user.

DeltaRho2K

You may also want to take a look into encrypting the password. Look in the php manual for md5().

This is a one way algorithm, and is pretty secure. This way, if you are passing the encrypted variable in the URL, then the password isn't exposed in the URL.