Jump to content


Photo

Sorry for dumb newbie question


  • Please log in to reply
6 replies to this topic

#1 derekm

derekm
  • New Members
  • Pip
  • Newbie
  • 2 posts

Posted 12 July 2006 - 09:56 PM

I've been given the task of putting a website up for my department. Unfortunately our organizations IT division does not have MySQL installed on the server and the prospect of it looks dim. :(

Being very new to PHP, I find myself in a quandry.

I have a form, to update my department heads message on the main page, that is an include based on a users cookie. However, I need to make sure that no one stumbles across this form and updates it unless they are authorized. Does PHP provide a way to detect the exact referring page? Would this be poor security due to, my understanding, some servers not reporting the referring page?

I've thought about splitting the form so the submit button is not in the include file but it looks like garbage when I do that.

Any help for a newbie would be greatly appreciated. Thanks.

#2 GingerRobot

GingerRobot
  • Staff Alumni
  • Advanced Member
  • 4,086 posts
  • LocationUK

Posted 12 July 2006 - 09:59 PM

Could you not include a password in the php file and have that as one of the inputs on the form?

#3 cmgmyr

cmgmyr
  • Members
  • PipPipPip
  • Advanced Member
  • 1,278 posts
  • LocationUSA

Posted 12 July 2006 - 10:02 PM

I guess if you really wanted to, you can make a flat file database to store some user data like level. if level = 1 (admin) then you can see the form.

-Chris

#4 derekm

derekm
  • New Members
  • Pip
  • Newbie
  • 2 posts

Posted 13 July 2006 - 01:49 PM

Thanks for the responses. I think I wil probably try the password as part of the form while I research how to do flat file database layout.

Thanks again.

#5 trq

trq
  • Staff Alumni
  • Advanced Member
  • 31,041 posts

Posted 13 July 2006 - 02:05 PM

There is also the option of sqlite, much quicker than mysql in many situations.

#6 hostfreak

hostfreak
  • Members
  • PipPipPip
  • Advanced Member
  • 581 posts

Posted 13 July 2006 - 04:36 PM

Why not use sessions, and user levels? The if the session is a certain user level it will show it etc.

#7 pixy

pixy
  • Members
  • PipPipPip
  • Advanced Member
  • 295 posts

Posted 13 July 2006 - 04:38 PM

^ Agreed, use sessions. They're more secure and easy to use.

This is a .44 Caliber Loveletter straight through my heart.

Tabulas + Threadless + Hire Me!





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users