hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Programming Discussion : Cookies for admin area...
Reply

Forum Jump

Cookies for admin area...

Reply Post New Thread In Programming Discussion Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 09-10-2002, 04:09 PM
MGCJerry MGCJerry is offline
is useless
 
Join Date: Jan 2002
Location: Ohio
Posts: 3,034
Question

Cookies for admin area...


As some of you may know I'm writing a simulated Credit Card system for my site and I have managed to successfully make the admin login section using a MySQL backend. Anyways, how secure would cookies be for the admin section?

I plan on having the admin page set a cookie upon a successful login and store the username and password in the cookie for the other admin pages to check. If a page detects any inconsistency in the cookie, the person will be sent to the login page.

Any suggestions? Would cookies be good for this, security wise? The script isnt mission critical, but I don't want security that can be bypassed easily.

I could prolly use Sessions, but I want to figure out cookies first

__________________
Don't like what I say? Ignore me because it will be the only way you can shut me up.



Sponsored Links
  #2  
Old 09-10-2002, 06:05 PM
Rich2k Rich2k is offline
Web Hosting Master
 
Join Date: May 2002
Location: UK
Posts: 2,994
There is a better way of doing this. Personally I don't like using cookies for storing important information.

If you are authenticating the username and password via a 401 protocol (the one which pops up a username and password box) either via the server or in PHP then you can access those details on every script call using the SERVER global array

The variables are called
$_SERVER['PHP_AUTH_USER']
$_SERVER['PHP_AUTH_PW']

An example of PHP authentication is below:

PHP Code:
function authenticate() {
    
header"WWW-Authenticate: Basic realm=\"By Password\"");
    
header"HTTP/1.0 401 Unauthorized");
    echo 
"<p><b>Error 401: Unauthorized</b></p>";
    exit;
}

if (!isset(
$_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
    
authenticate();
}
else {
 
// validate correct username and password here



Last edited by Rich2k; 09-10-2002 at 06:14 PM.
  #3  
Old 09-10-2002, 06:40 PM
MGCJerry MGCJerry is offline
is useless
 
Join Date: Jan 2002
Location: Ohio
Posts: 3,034
Thumbs up

Ohh... Thats pretty neat. I've always wondered how to do that

Thanks a bunch for the code I think I'll use this instead.

Too bad Apache gives me a Internal Server Error though, but I can still work on it.

__________________
Don't like what I say? Ignore me because it will be the only way you can shut me up.

Sponsored Links
Reply

Related posts from TheWhir.com
Title Type Date Posted


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?