username and login protection

4ebura6ka

Hello,

I've such a problem. I've bought a hosting service. Company gave me ftp, mysql and etc. usernames and passwords.

As a newby I've read php manual and security tips on [URL=http://]www.php.net[/URL] about database connection.
But I've found the answer there - HOW TO PROTECT MYSQL USERNAME AND PASSWORD.

For example, I would like to create a CMS (content management system) of my site. There is a part of my login script:

<?
$username = $_POST["username"];
$password = $_POST["password"];
$submit = $_POST["submit"];

// if "Login" button was pressed
if (!is_null($submit))
{
//In this place I've to connect to the MYSQL DB and check username and password. But I don't know how to do it.
//Is it securelly to write $result = mysql_pconnect() with all parameters?
}

?>
<form action="index.php" method=POST>
<input type = "text" name = "username">
<inpu type = "text" name = "password">
<input type = "submit" name = "submit" value = "Login">
</form>

ClevaTreva

I think what you are asking is how can you secure your database connection for the content management system?

Most web spaces have your root directory as /public_html

In that, you might have a directory called contentmanager, where all the php files to retrieve and display the content are kept. Inside that you might have an admin directory, where the content can be updated. THAT directory needs password protecting using .htaccess

You hosting package should allow you to do this. If you have CPanel control panel, there is a function to do this.

If you cannot set the .htaccess on that directory (it would have to be a very cheap (free) host that didn't let you do this) you would have to resort to a login via your script. That can be hacked, and there is little you can do to stop this. You can make it harder, but any budding hacker would get in, very quickly.

Trevor

4ebura6ka

Thank You very much for information. It's very usefull.