[RESOLVED] Password Protection help...

middleman666

hey, I need the following code/page to be password protected and wondered how I should go about doing it?


$entryID = $_GET['id'];

$query = "DELETE FROM `bkah` WHERE `id` = '$entryID' LIMIT 1";

mysql_query($query);

//redirect to showcart page

header("Location: index.php");

exit;

thorpe

it could be as simple as wrapping it in an if statement that checks a session var to see if a user is logged in as admin.

  if ($_SESSION['user'] == 'admin') {
    $entryID = $_GET['id']; 

$query = "DELETE FROM `bkah` WHERE `id` = '$entryID' LIMIT 1"; 

mysql_query($query); 

//redirect to showcart page 

header("Location: index.php"); 

exit;
  }

middleman666

cheers for your help.

i decided to simply put an if function on the display page so the delete link only displays when i add ?password=blah at the end of the address.

thats probly not the most secure way of doing this but its only a small project.

cheers again!

GirishR

With a little more effort you can encrypt the password using md5 and then pass the encrypted password as a query string or whatever. Also try not to very evident when passing the string mentioning that it is a password. i.e. rather than

?password=blah

you can use

?p=ede0f9c3a1d2093e3f48fcafd3c70915

middleman666

Have you got a link to a md5 encrypter?

sounds like a good idea to take it a bit further, but is that really changing much security wise?

at the moment im just adding the ?password=blah at the end of the address bar, if I was to use a md5 password wouldnt I just have more to write?

if your thinking something different like keeping the ?password=blah and then using the md5 password in say an IF function then is it still worth it?

i think what im trying to say is, is there anyway in which someone could get hold of my source file other than watching me type in the password at the end of the address bar?...

thanks for your input!