matthew798 Posted September 11, 2008

At long last I have finished the admin system to a website I'm constructing. Now, I can sleep. But only after you 'riddle me this'.

For now, all I have protecting the administrative pages is a measly "if(isset)" that checks to see if a username is stored in a session variable. Now this does the trick, but it's neither appealing nor does it feel very secure.

So what I have is a username variable stored in $_SESSION. Is there anything I can do that's safer than "if(isset)" with or without that variable?

Thanks in advance!

matthew798 Posted September 11, 2008

bump?

ratcateme Posted September 11, 2008

If you want to stop people stealing session IDs you could add an IP check, so that stored in a session is the IP of the user when they log in. If you want to check that the username is right you could do a MySQL query and check that the user has admin privileges.

Scott.
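
Added example, not part of the original thread: one way to combine the two checks suggested in the reply above (bind the session to the login IP, and re-check admin rights in the database on every admin page). The `users` table, its `is_admin` column, the session keys and the function names are assumptions, and in-memory SQLite (needs the pdo_sqlite extension) stands in for MySQL so the script runs stand-alone.

```php
<?php
declare(strict_types=1);

// Call at login, after the password has been verified.
function record_login(array &$session, string $username, string $remoteIp): void
{
    $session['username'] = $username;
    $session['ip'] = $remoteIp; // address this session is bound to
}

// Gate for admin pages: session present, same IP as at login, and the
// account still has admin rights in the database.
function is_admin_request(array $session, string $remoteIp, PDO $db): bool
{
    if (!isset($session['username'], $session['ip'])) {
        return false; // not logged in
    }
    if ($session['ip'] !== $remoteIp) {
        return false; // session ID presented from another address
    }
    // Prepared statement: the username never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT is_admin FROM users WHERE username = ?');
    $stmt->execute([$session['username']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && (int) $row['is_admin'] === 1;
}

// Constructed demo data (hypothetical schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, is_admin INTEGER)');
$db->exec("INSERT INTO users VALUES ('alice', 1), ('bob', 0)");

$session = []; // stands in for $_SESSION after session_start()
record_login($session, 'alice', '203.0.113.10');

var_dump(is_admin_request($session, '203.0.113.10', $db)); // case: same IP, admin
var_dump(is_admin_request($session, '198.51.100.7', $db)); // case: different IP
$db->exec("UPDATE users SET is_admin = 0 WHERE username = 'alice'");
var_dump(is_admin_request($session, '203.0.113.10', $db)); // case: rights revoked
var_dump(is_admin_request([], '203.0.113.10', $db));       // case: no session
```

On a real page, pass `$_SESSION` and `$_SERVER['REMOTE_ADDR']` and send the visitor to the login form when the function returns false. Users whose address changes mid-session (mobile networks, some proxies) will have to log in again.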
This topic is now archived and is closed to further replies.