I have made a posting script (a kind of shout box system)
I need to have a way to make sure that whatever script is being processed is coming from the same server (i know there is a way to do this) but how?
and also i need a login system.. if i was to implement a system such as this...
if (isset($_POST['user']) && isset($_POST['pass']))
if ($_POST['user'] === 'user' && $_POST['pass'] === 'pass')
$_SESSION['aloud '] = true;
$wrong = 'Wrong User/Password';
and then this on each "protected" page...
if (!isset($_SESSION['aloud']) or $_SESSION['aloud'] !== true)
I am assuming this is not very secure, and it is also inconvenient, for instance if i need to use another "header('location:')" somewhere else it won't work.
bearing in mind that i only need one user, and i would like a system where the user can easy change the password, what would be a good system?
and what are other methods to keep my scripts secure?
sorry for all those questions