Jump to content

Website login and security


akondeti
 Share

Recommended Posts

Gurus,I have created a website and added a login form. Upon login I will be thrown a html form which allows me to do admin kind of work, which only i want to have access to.The login page is doing good. But here is what i noticed. When i enter in the browser the private html file name following my domain name, the form appears right away and I or anyone could do the admin functions bypassing the login.How can I make sure that a specific form is accessible only thru login script and not by direct invocation(just by typing form name on webbrowser following domain name)?Thanks for your help.Regards,novice123

Link to comment
Share on other sites

Have a column in your user table called user_level, for your admin account, set it to some value(it doesn't matter what you choose, just as long as you remember), and some other number for normal users. upon login, check the level of the user, if they're the right level, show the form, if not, don't. By the way, no offense to w3, but I personally found the PHP articles here kinda bad, and very un-useful. It's best to just find freeware scripts on googlecode and just take it apart one line at a time.

Link to comment
Share on other sites

Security through obscurity does not work. If someone gets a directory listing they can find out the filename and go there anyway. Or they can look at your browser and write down the name. Or they can use a traffic analyzer to sniff the network and see the name. That's not a great solution. A better solution is to actually put security on the file. The way to do that is create user accounts and check on the page for someone logged in. I've already gotten a request to write a tutorial about that but I haven't found time yet, if I can find time I'll get one together and post it to my tutorial thread.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...