[SOLVED] Securing an admin panel - Please help


tommyda

Hi, I have made an admin panel for one of my projects and I am trying to secure it.

The installation script inserts $password = 'password'; in config.php.

The code I am using works in securing admin.php, but the trouble I am having is that when I click admin.php?edit=title or admin.php?edit=whatever, the script asks me to log in again.

I was thinking I could use sessions or cookies, but I am a beginner so I have no idea how to implement these functions.

Here's the code:

Include code

require_once('secure_check.php'); 

Secure_check.php

<?php
include 'config.php';
   if (isset($_POST['submit_pwd'])){
      $pass = isset($_POST['passwd']) ? $_POST['passwd'] : '';
      
      // constant-time, type-safe comparison instead of loose !=
      if (!is_string($pass) || !hash_equals($password, $pass)) {
         showForm("Wrong password");
         exit();     
      }
   } else {
      showForm();
      exit();
   }
   
function showForm($error="LOGIN"){
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html>
<head>
   <title>Please Login</title>
   <link href="style/style.css" rel="stylesheet" type="text/css" />
</head>
<body>
    <div id="main">
      <div class="caption"><?php echo $error; ?></div>
      <div id="icon"> </div>
      <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post" name="pwd">
        Password:
        <table>
          <tr><td><input class="text" name="passwd" type="password"/></td></tr>
          <tr><td align="center"><br/>
             <input class="text" type="submit" name="submit_pwd" value="Login"/>
          </td></tr>
        </table>  
      </form>
      
   </div>
</body>
</html>

<?php   
}
?>

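<?php
session_start();
include 'config.php';
if (!isset($_SESSION['login']) || $_SESSION['login'] !== true) { // check login/show form
   if (isset($_POST['submit_pwd'])){
      $pass = isset($_POST['passwd']) ? $_POST['passwd'] : '';
      
      // constant-time, type-safe comparison instead of loose !=
      if (!is_string($pass) || !hash_equals($password, $pass)) {
         showForm("Wrong password");
         exit();     
      }
      session_regenerate_id(true); // new session id once the login succeeds
      $_SESSION['login'] = true;
   } else {
      showForm();
      exit();
   }
}
// showForm() stays as defined in the original secure_check.php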

That uses sessions to remember a login.

Scott.
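
A hardened variant of the session gate discussed in this thread, as an added example that is not part of the original posts. It assumes the installer stores a password_hash() value instead of the plaintext $password; the names startAdminSession, isLoggedIn, tryLogin and IDLE_LIMIT are hypothetical, and showForm() here is a minimal stand-in for the thread's form.

```php
<?php
// Added example. Stand-in for a hash that the installer would write to
// config.php once; the password here is a constructed sample value.
$passwordHash = password_hash('constructed-sample-password', PASSWORD_DEFAULT);
const IDLE_LIMIT = 900; // assumed: seconds of inactivity before re-login

function startAdminSession(): void {
    ini_set('session.use_strict_mode', '1'); // ignore session ids the server never issued
    session_set_cookie_params([
        'httponly' => true,                                   // hidden from JavaScript
        'secure'   => ($_SERVER['HTTPS'] ?? 'off') !== 'off', // HTTPS-only when on HTTPS
        'samesite' => 'Strict',                               // not sent cross-site
    ]);
    session_start();
}

function isLoggedIn(int $now): bool {
    if (empty($_SESSION['login']) || $now - ($_SESSION['last_seen'] ?? 0) > IDLE_LIMIT) {
        $_SESSION = []; // unknown or idle session: drop any stale state
        return false;
    }
    $_SESSION['last_seen'] = $now;
    return true;
}

function tryLogin(string $hash, $submitted, int $now): bool {
    if (!is_string($submitted) || !password_verify($submitted, $hash)) {
        return false; // also rejects passwd[]=... array input
    }
    session_regenerate_id(true); // fresh id on login defeats session fixation
    $_SESSION['login'] = true;
    $_SESSION['last_seen'] = $now;
    return true;
}

function showForm(string $msg = 'LOGIN'): void { // minimal stand-in for the thread's form
    echo '<form method="post">', htmlspecialchars($msg), ' <input type="password" name="passwd">',
         '<input type="submit" name="submit_pwd" value="Login"></form>';
}

startAdminSession();
$now = time();
if (!isLoggedIn($now)) {
    $posted = isset($_POST['submit_pwd']);
    if (!$posted || !tryLogin($passwordHash, $_POST['passwd'] ?? null, $now)) {
        showForm($posted ? 'Wrong password' : 'LOGIN');
        exit();
    }
}
```

Because the gate runs on every request and the login flag lives in the session, admin.php?edit=title passes without a second prompt until the idle limit expires.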
