[thelist] PHP Login Security

Benjer futureweb at macmail.com
Fri Oct 11 08:39:01 CDT 2002


Nmk. Sorry, can't give u an answer but your system date is very out.
Hence your email was at the bottom of my app....
27/8/01.....

On 27/8/01 12:39 am, "Nickolay Kolev" <nmkolev at uni-bonn.de> wrote:

> Hi all,
>
> I have a small homemade blog in PHP (it does however support almost all
> you might want).
>
> The login mechanism is so far the following. A form is submitted to the
> login script which registers uname and password in a session and checks
> the session uname and pass against the administrator database. If they
> exist and match, the location header is sent and another site is loaded.
> If not the session is destroyed and an error page is shown.
>
> On the main site I check for a session and a registered variable
> "password" and if those are found the admin links and rights are in
> play. If not, the default (visitor) page is shown (admin links do not
> appear)...
>
> Maybe I should mention that pages that are strictly for the admins
> (post message, edit message, delete message and so forth) have a header
> that checks for the session and password and if not found they
> automatically load an error page (with the location header)....
>
> Could this be improved in some way? What are possible problems with the
> setup? Easy ways to get in?
>
> Thanks a lot,
> nmk

<!------------------------
benjer at macmail.com
------------------------->
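
The login flow described in the quoted message, as an added example that is not part of the original thread or the poster's code: credentials are verified before anything is written to the session, the session keeps only a marker of who logged in rather than the password, and the script stops after every Location header. The function names, the `$admins` array standing in for the administrator database, the sample account and the page paths are assumptions.

```php
<?php
// Added example, not code from the thread. All names, paths and the sample
// account below are constructed for illustration.

// Stand-in for the administrator table: username => password hash.
$admins = ['nmk' => password_hash('constructed-sample-pass', PASSWORD_DEFAULT)];

function attempt_login(array $admins, string $uname, string $password): bool
{
    $hash = $admins[$uname] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;             // nothing is stored in the session on failure
    }
    session_regenerate_id(true);  // issue a fresh session id when privileges change
    $_SESSION['admin'] = $uname;  // record who logged in, never the password
    return true;
}

function is_admin(): bool
{
    // The main page uses this to decide whether to show the admin links.
    return isset($_SESSION['admin']);
}

function require_admin(): void
{
    // Header for admin-only pages (post, edit, delete message).
    if (!is_admin()) {
        header('Location: /error.php');
        exit; // header() does not end the script; without exit the page still runs
    }
}

session_start();

// Login script: handle the submitted form.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $uname = is_string($_POST['uname'] ?? null) ? $_POST['uname'] : '';
    $pass  = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
    $ok    = attempt_login($admins, $uname, $pass);
    header('Location: ' . ($ok ? '/index.php' : '/error.php'));
    exit;
}
```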




