Reaper0167 Posted April 11, 2010 Share Posted April 11, 2010 If I limit a page to a certain user meaning username, password, and ip is that strong security to keep others out? Link to comment https://forums.phpfreaks.com/topic/198203-securing-a-page/ Share on other sites More sharing options...
flappy_warbucks Posted April 11, 2010 Share Posted April 11, 2010 Yea, just whip something up that checks the username and password, and then create a session to make sure that the user is supposed to be there, if not then show them the form, if the session checks out then show them the restricted content. Link to comment https://forums.phpfreaks.com/topic/198203-securing-a-page/#findComment-1039936 Share on other sites More sharing options...
TeddyKiller Posted April 11, 2010 Share Posted April 11, 2010 The IP bit is failure. For ISP's like mine, the IP's regularly change. - Or if you move house, the IP is likely to be different. This means the user cannot access that page because the IP has been changed. What I'd usually do is a Hash key. Consists of.. the sessions created. Example: sha1(user ID + secret key) Secret key is usually a random string put in the config file. Eg: 2402892SDA929QDW You'd then put the hash, in a session.. You would then check if the hash, is equivalent to the above. eg: if(sha1($_SESSION['id'] . $secret_key) == $_SESSION['hash']) { Allow Access } If you want to display a page only to certain users.. You can simply do $id = 1; - For the user of id 1 then replace $_SESSION['id'] with $id. Pretty secure to me Link to comment https://forums.phpfreaks.com/topic/198203-securing-a-page/#findComment-1039973 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.