davidflatman
Baseband Member
- Messages
- 47
I have made a posting script (a kind of shout box system)
I need to have a way to make sure that whatever script is being processed is coming from the same server (i know there is a way to do this) but how?
and also i need a login system.. if i was to implement a system such as this...
and then this on each "protected" page...
I am assuming this is not very secure, and it is also inconvenient, for instance if i need to use another "header('location:')" somewhere else it won't work.
bearing in mind that i only need one user, and i would like a system where the user can easy change the password, what would be a good system? and what are other methods to keep my scripts secure?
sorry for all those questions
I need to have a way to make sure that whatever script is being processed is coming from the same server (i know there is a way to do this) but how?
and also i need a login system.. if i was to implement a system such as this...
PHP:
session_start();
if (isset($_POST['user']) && isset($_POST['pass']))
{
if ($_POST['user'] === 'user' && $_POST['pass'] === 'pass')
{
$_SESSION['aloud '] = true;
header('Location: protectedish.php');
exit;
}
else
{
$wrong = 'Wrong User/Password';
}
}and then this on each "protected" page...
PHP:
session_start();
if (!isset($_SESSION['aloud']) or $_SESSION['aloud'] !== true)
{
header('Location: login.php');
exit;
}I am assuming this is not very secure, and it is also inconvenient, for instance if i need to use another "header('location:')" somewhere else it won't work.
bearing in mind that i only need one user, and i would like a system where the user can easy change the password, what would be a good system? and what are other methods to keep my scripts secure?
sorry for all those questions
