PHP Login &amp; Encryption

PHP Login & Encryption

N4N01D

Hi, after having no luck with my host and the HTaccess ive decided to use a html form and MD5 hash's to encrypt a password however i have 3 pages i need to protect (index, edit and add) as i dont want to login every time i change a page please can you help me with the cookie issue.

I have replaced the MD5 Hash with HASH, also i dont want any plaintext passwords being stored in any file or db, please can you advice the best way to do this

Index.php file -

http://pastebin.com/339874

Please can you tell me the best way to protect the edit.php and add.php files?

Thanks
N4N01D

mfacer

why not use a session? When you log in once, set $_SESSION['loggedin'] to TRUE, then on each page check if that session has been set. If its not been set, then redirect to the login page..... that what you're after?

N4N01D

ah, i didnt know how to go about that, i will try it now and post back later 🙂 thanks

edit : is it possible to set a timeout for how long the session stays active?

bbreslauer

Check out the login script on this page. There's some documentation that goes along with it, regarding how to set it up. It logs someone in based on an entry in a MySQL database, allows them to have a set userlevel (giving them admin access, etc), and uses SESSION variables to track whether they are logged in or not.

http://filletoghoti.com/projects.html

N4N01D

thanks, ill check it out now 😃

N4N01D

that sorted my prob thanks, i hadnt got the bit to start the session or destroy it