
May 14th, 2008, 08:49 AM
Of course anything is possible, but your method is pretty safe. As long as you have register globals turned off, you should be fine.
Quote: Originally Posted by Pabs
I'm building a site which will have a control panel for the admin users so that they can update news items, events, etc. and also be able to remove data from the DB... that's why I'm a little paranoid... adding stuff can always be removed... if they get in and start deleting records... that's bad
obviously I only want the Admin users to have access to this...
now... I have a login page and in that file I set a session var called "permission" to true if the user has been verified (via a DB check), or false or null if user name and pass don't match.
in every page I need to have secured info in I simply check if that session variable is set to true...if it is display the info if not I redirect to the log on screen...
the start of my file would look like this (any secure file):
PHP Code:
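<?php
startMysession();
// Allow access only when the login page stored boolean true in the session
if (!isset($_SESSION['permission']) || $_SESSION['permission'] !== true) :
    header('Location: index.php');
    exit; // header() alone does not stop the script
endif;
show_secure_content(); // secure content here (only reached if the check above did not redirect)
?>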
it works fine... I'm just wondering if that can actually be "cracked"?
it seems so simple...yet I'm not sure how you could hack it...
am I safe or should I add another level of security?
thanks
Pabs
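A page guard of the kind the quoted post describes, written as an added example (not the poster's code; the function names are assumptions). It accepts only a strict boolean true in the "permission" session value and ends the script after the redirect header, because header() by itself does not stop the rest of the page from running and being sent.

```php
<?php
// Added example, not the poster's code. The 'permission' key, index.php and
// show_secure_content() come from the post; the function names are assumed.
declare(strict_types=1);

/** True only when the login page stored the boolean true. */
function is_authorized(array $session): bool
{
    return ($session['permission'] ?? null) === true;
}

/** Call at the top of every protected page, before any output. */
function require_admin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!is_authorized($_SESSION)) {
        header('Location: index.php');
        exit; // header() only queues the redirect; the script would keep running
    }
}

/** Call once the DB check has verified the user name and password. */
function grant_admin(): void
{
    session_regenerate_id(true); // fresh session id for the privileged session
    $_SESSION['permission'] = true;
}

// Constructed session states, classified when run with the php CLI.
if (PHP_SAPI === 'cli') {
    $cases = [
        'never logged in'      => [],
        'failed login (false)' => ['permission' => false],
        'failed login (null)'  => ['permission' => null],
        'string "1"'           => ['permission' => '1'],
        'verified admin'       => ['permission' => true],
    ];
    foreach ($cases as $label => $session) {
        printf(
            "%-21s key present: %-3s authorized: %s\n",
            $label,
            array_key_exists('permission', $session) ? 'yes' : 'no',
            is_authorized($session) ? 'yes' : 'no'
        );
    }
}
```

Run from the command line, it shows that a session where the key is merely present (false, null or the string "1") is not treated as authorized; only the boolean true set after a verified login is.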