[PHP] Login and Security help

davidflatman · 07-29-2008, 07:02 PM

I have made a posting script (a kind of shout box system)
I need to have a way to make sure that whatever script is being processed is coming from the same server (i know there is a way to do this) but how?
and also i need a login system.. if i was to implement a system such as this...

PHP Code:


			
session_start();
if (isset($_POST['user']) && isset($_POST['pass']))
{
    if ($_POST['user'] === 'user' && $_POST['pass'] === 'pass')
    {
        $_SESSION['aloud '] = true;
            header('Location: protectedish.php');
            exit;
    }
        else 
        {
        $wrong = 'Wrong User/Password';
        }
}

and then this on each "protected" page...

PHP Code:


			
session_start();
if (!isset($_SESSION['aloud']) or $_SESSION['aloud'] !== true)
    {
        header('Location: login.php');
        exit;
    }

I am assuming this is not very secure, and it is also inconvenient, for instance if i need to use another "header('location:')" somewhere else it won't work.

bearing in mind that i only need one user, and i would like a system where the user can easy change the password, what would be a good system? and what are other methods to keep my scripts secure?

sorry for all those questions

07-29-2008, 07:02 PM	#1
davidflatman Baseband Member Join Date: Apr 2006 Posts: 47	[PHP] Login and Security help I have made a posting script (a kind of shout box system) I need to have a way to make sure that whatever script is being processed is coming from the same server (i know there is a way to do this) but how? and also i need a login system.. if i was to implement a system such as this... PHP Code: `session_start(); if (isset($_POST['user']) && isset($_POST['pass'])) { if ($_POST['user'] === 'user' && $_POST['pass'] === 'pass') { $_SESSION['aloud '] = true; header('Location: protectedish.php'); exit; } else { $wrong = 'Wrong User/Password'; } }` and then this on each "protected" page... PHP Code: `session_start(); if (!isset($_SESSION['aloud']) or $_SESSION['aloud'] !== true) { header('Location: login.php'); exit; }` I am assuming this is not very secure, and it is also inconvenient, for instance if i need to use another "header('location:')" somewhere else it won't work. bearing in mind that i only need one user, and i would like a system where the user can easy change the password, what would be a good system? and what are other methods to keep my scripts secure? sorry for all those questions __________________ Say no to fascism, Don't get vista.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode