Security

[ded]

I want to create an ADMIN directory with several directory under that.  I want to be certain that the user cannot log into any of the directory unless they have confirmed login.

 

Is $_session id's the best way to go?  Should I create on the flyer and attached to username?  What is the best practice for this?

 

Regards,

DED

 

[xyph]

Check out my signature for an article covering everything you need to know about PHP user/pass managment.

 

It provides working examples, and goes very in depth - though I don't agree with their use of the global keyword.

 

Alternately, you can use HTTP authentication if you want to be more simple.

http://php.net/manual/en/features.http-auth.php

Or use Apache's htpasswd

http://httpd.apache.org/docs/2.0/programs/htpasswd.html

[ded]

will do.....thank you

[ded]

First....thank you very much for this information.

Second....sorry for bothering you with this, but I cannot figure it out and it is probably very simple

 

ok....I have read through most of the information and have keyed in the first portion for testing purposes.  I have an issue.  Once I hit submit, the record in the database is written without a problem, but then a screen pops up that says "Do you want to open or save this file?"  When I click open, a notepad shows up reading "User Created".  Shouldn't it just echo it on the user-man.php screen?