
downbike

  1. [quote]QUOTE(poirot @ Apr 19 2006, 07:57 PM)

     You shouldn't use cookies to store this. Cookies can be easily changed, so anyone could just change the cookies and impersonate the admin. Instead, use SESSIONS; something like this:

     [code]
     <?php
     session_start();
     header("Cache-control: private"); // IE fix
     if ($_SESSION['authorized'] = 'yes') {
       // outputs admin page
     }
     [/code]
     [/quote]

     So I have to put that code in the index page and the code below in the other page, right?

     [code]
     if ($_SESSION['authorized'] = 'yes') {
       // outputs admin page
     }
     [/code]

     And by the way, when I try to put this code in my pages, I think there is a problem, because I can even access the pages without username and pass ^^ . ....
  2. I'm just a newbie at creating dynamic web pages. I'm almost done, but as you can see in the title... I can't create my admin account for the site, even when my code is right and my database is ok .... but still I can't log on.. Below is the code of my index.php page:

     [code]
     <?php
     if($_GET["logout"]) {
         setcookie("autorized","");
         setcookie("root","");
         header("Location: index.php");
     }
     if($_POST["submit"]) {
         require("../PHP/config.inc.php");
         $ind=0;
         $SQL="SELECT * FROM users WHERE username='admin". $_POST["username"] ."' AND password='admin". $_POST["password"] ."'";
         $result = mysql_query($SQL) or die("Invalid query");
         $row = mysql_fetch_array($result);
         setcookie("autorized", $_POST['username']);
         if($row["root"]==1)
         {
             setcookie("root",$_POST['username']);
         }
         include "useradmin.php";
         exit;
     }
     if($_COOKIE['autorized']){include "useradmin.php"; exit;}
     ?>
     [/code]

     And here is my other page, which is linked to the index.php page above:

     [code]
     <? if(!$_COOKIE['autorized']){echo "Session Expired!"; exit;}?>
     <?require("../PHP/config.inc.php");
     if(!$_GET['limit']){$_GET['limit']=0;}
     $result = mysql_query("select * from news where id = '".$_GET['id']."'") or die("Invalid query");
     $row = mysql_fetch_array($result);?>
     [/code]

     [b]-----> When I log in... the page automatically said "Session Expired!"[/b]

     Anyone help?
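
As an added example (not code from either post or from the forum), here is a session-based login and page guard for the `users` table shown above. It binds the username as a query parameter instead of concatenating `$_POST` into the SQL, keeps the login state in `$_SESSION` rather than in a client-editable cookie, and compares with `===`, because `if ($_SESSION['authorized'] = 'yes')` assigns the value and is therefore always true. Assumptions: PDO with in-memory SQLite stands in for the MySQL database, the `password` column holds a `password_hash()` value, and the sample account and function names are constructed for illustration.

```php
<?php
// Added example. Assumptions: in-memory SQLite stands in for the MySQL
// database; the account and helper names are constructed for illustration.
session_start();

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, root INTEGER)');
$db->prepare('INSERT INTO users VALUES (?, ?, ?)')
   ->execute(['admin', password_hash('constructed-sample-pw', PASSWORD_DEFAULT), 1]);

// Look the user up with a bound parameter and verify the stored hash.
function authenticate(PDO $db, string $username, string $password): ?array
{
    $stmt = $db->prepare('SELECT username, password, root FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return $row;
}

// Record the login server-side; the browser only ever holds the session id.
function login(PDO $db, string $username, string $password): bool
{
    $row = authenticate($db, $username, $password);
    if ($row === null) {
        return false;
    }
    session_regenerate_id(true);   // issue a fresh id once privileges change
    $_SESSION['authorized'] = 'yes';
    $_SESSION['root'] = ((int) $row['root'] === 1);
    return true;
}

// Guard for protected pages: compare with ===, never assign with =.
function is_authorized(): bool
{
    return isset($_SESSION['authorized']) && $_SESSION['authorized'] === 'yes';
}

$results = [
    'before login'   => is_authorized(),
    'wrong password' => login($db, 'admin', 'not-the-password'),
    'valid login'    => login($db, 'admin', 'constructed-sample-pw'),
    'after login'    => is_authorized(),
];
var_dump($results);
```

On a real page, `is_authorized()` would be checked at the top of every protected script, before any output, and logout would call `session_destroy()`.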