
Could someone plz explain me things about Cookies ? :(


immunity


Hello, I have my site at 195.***.***.***/~labdb219

I have 2 kinds of users, member and admin. There are 5 pages that a member can't access, only the admin.

So I am on the index page. I have 2 input texts and a button. When the user types a username and password, I request from a PHP page (AJAX):

echo $username.";".$type;

So I have the string "username;type". Now what? :)

Can someone give me 3 examples: set the cookie, pass it through pages, check if the user is admin, otherwise window.location="/index.html/

Thanks, John


You will want to use PHP to set and check the cookies instead of Javascript; Javascript won't be secure enough. There's nothing special you have to do to pass it through pages, as long as you set the domain and path correctly. The browser will send the cookie automatically. Here is the reference page for setting cookies. You should check the examples and the user comments near the bottom; there is quite a bit of information here: http://www.php.net/manual/en/function.setcookie.php

Secondly, don't put the user type in the cookie. Someone can just create their own cookie, say they are an admin, and get access. People can make their own cookies. So what you should do is store the user name in a cookie, and an encrypted password in a cookie. You get both from the next page, and check that the username and password match with whatever database or whatever you're using to store that information. When you are checking the username and password you can also check what type of user they are, so you'll know that as well.

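The server-side check described in the answer above, as an added example that is not part of the original posts: PHP sets the cookie, and the user type is read from the database on every page, so a cookie that merely claims "admin" gets nothing. It swaps the username and encrypted password pair for a random login token stored hashed on the server, which is a substitution and not the answerer's method. The `users` table, its columns, the `auth` cookie name, the sample accounts and the in-memory SQLite database (needs `pdo_sqlite`) are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory SQLite table stands in for the real user database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT, type TEXT, token_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (username, pw_hash, type) VALUES (?, ?, ?)');
$ins->execute(['john', password_hash('member-pass', PASSWORD_DEFAULT), 'member']);
$ins->execute(['root', password_hash('admin-pass', PASSWORD_DEFAULT), 'admin']);

// Login: verify the password, then give the browser a random token (no type, no password).
function login(PDO $db, string $username, string $password): ?string {
    $q = $db->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $q->execute([$username]);
    $hash = $q->fetchColumn();
    if (!is_string($hash) || !password_verify($password, $hash)) {
        return null;
    }
    $token = bin2hex(random_bytes(32));
    $db->prepare('UPDATE users SET token_hash = ? WHERE username = ?')
       ->execute([hash('sha256', $token), $username]);
    if (PHP_SAPI !== 'cli') { // only a web request has headers; add 'secure' => true on HTTPS
        setcookie('auth', $token, ['path' => '/~labdb219/', 'httponly' => true, 'samesite' => 'Lax']);
    }
    return $token;
}

// Every protected page: the type comes from the database row, never from the cookie.
function user_type(PDO $db, array $cookies): ?string {
    $token = $cookies['auth'] ?? null;
    if (!is_string($token) || $token === '') {
        return null;
    }
    $q = $db->prepare('SELECT type FROM users WHERE token_hash = ?');
    $q->execute([hash('sha256', $token)]);
    $type = $q->fetchColumn();
    return is_string($type) ? $type : null;
}

// On an admin page:
//   if (user_type($db, $_COOKIE) !== 'admin') { header('Location: /index.html'); exit; }
$memberToken = login($db, 'john', 'member-pass');
var_dump(user_type($db, ['auth' => $memberToken]));              // real member login
var_dump(user_type($db, ['auth' => 'made-up', 'type' => 'admin'])); // hand-made cookies
var_dump(login($db, 'root', 'wrong-pass'));                       // bad password
```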

Thank you very much!

Archived

This topic is now archived and is closed to further replies.
