Jump to content

Problem of creating an admin account for my page

downbike

By downbike
in PHP Coding Help

 Share

Recommended Posts

downbike Newbie

downbike

Posted
Posted
I'm just a newbie of creating dynamic web pages.

Im almost done but as u can see in the title... I can't creat my admin account for the site even when my code is right and my database is ok ....
but still i can't logon..

Below is my code of the index.php page:


[code]<?php
if($_GET["logout"])
{
setcookie("autorized","");
setcookie("root","");
header("Location: index.php");
}

if($_POST["submit"])
{
    require("../PHP/config.inc.php");
    $ind=0;
    $SQL="SELECT * FROM users WHERE username='admin". $_POST["username"] ."' AND password='admin". $_POST["password"] ."'";
    $result = mysql_query($SQL) or die("Invalid query");
    $row = mysql_fetch_array($result);

  setcookie("autorized", $_POST['username']);
    if($row["root"]==1)
    {
        setcookie("root",$_POST['username']);
    }
    include "useradmin.php";
    exit;
        }

if($_COOKIE['autorized']){include "useradmin.php"; exit;}?>[/code]

And here is my other page which is linked to the index.php page above

[code]<?
if(!$_COOKIE['autorized']){echo "Session Expired!"; exit;}?>

<?require("../PHP/config.inc.php");
if(!$_GET['limit']){$_GET['limit']=0;}


$result = mysql_query("select * from news where id = '".$_GET['id']."'") or die("Invalid query");
$row = mysql_fetch_array($result);?>[/code]



[b]-----> When I login... The page automaticly said "Session Expired!"[/b]


Anyone help?
Link to comment
Share on other sites
poirot Member

poirot

Posted
Posted
You shouldn't use cookies to store this.
Cookies can be easily changed, so anyone could just change the cookies and impersonate the admin.
Instead, use SESSIONS; something like this:

[code]<?php

session_start();
header("Cache-control: private"); // IE fix

if ($_SESSION['authorized'] = 'yes') {
  // outputs admin page
}[/code]
Link to comment
Share on other sites
downbike Newbie

downbike

Posted
  • Author
Posted
[!--quoteo(post=366667:date=Apr 19 2006, 07:57 PM:name=poirot)--][div class=\'quotetop\']QUOTE(poirot @ Apr 19 2006, 07:57 PM) [snapback]366667[/snapback][/div][div class=\'quotemain\'][!--quotec--]
You shouldn't use cookies to store this.
Cookies can be easily changed, so anyone could just change the cookies and impersonate the admin.
Instead, use SESSIONS; something like this:

[code]<?php

session_start();
header("Cache-control: private"); // IE fix

if ($_SESSION['authorized'] = 'yes') {
  // outputs admin page
}[/code]
[/quote]

So I have to put that code in the index page and the code below to the other page right? :
[code]if ($_SESSION['authorized'] = 'yes') {
  // outputs admin page
}[/code]

And by the way, when I try to put this code to my pages, I think there is a problem because I can even access to the pages whichout username and pass ^^ . ....
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.