hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Programming Discussion : Cookies for admin area...
Reply

Forum Jump

Cookies for admin area...

Reply Post New Thread In Programming Discussion Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old
is useless
 
Join Date: Jan 2002
Location: Ohio
Posts: 3,089
Question

Cookies for admin area...


As some of you may know I'm writing a simulated Credit Card system for my site and I have managed to successfully make the admin login section using a MySQL backend. Anyways, how secure would cookies be for the admin section?

I plan on having the admin page set a cookie upon a successful login and store the username and password in the cookie for the other admin pages to check. If a page detects any inconsistency in the cookie, the person will be sent to the login page.

Any suggestions? Would cookies be good for this, security wise? The script isnt mission critical, but I don't want security that can be bypassed easily.

I could prolly use Sessions, but I want to figure out cookies first

__________________
Glioblastoma Multiforme (GBM) Brain Cancer Awareness. Gray Matters! My (quick) Story of supporting someone close who has it.
Incurable, 6-18 months prognosis, no survivors longer than 3 years.
Don't like what I say? Ignore me.



Sponsored Links
  #2  
Old
Web Hosting Master
 
Join Date: May 2002
Location: UK
Posts: 2,994
There is a better way of doing this. Personally I don't like using cookies for storing important information.

If you are authenticating the username and password via a 401 protocol (the one which pops up a username and password box) either via the server or in PHP then you can access those details on every script call using the SERVER global array

The variables are called
$_SERVER['PHP_AUTH_USER']
$_SERVER['PHP_AUTH_PW']

An example of PHP authentication is below:

PHP Code:
function authenticate() {
    
header"WWW-Authenticate: Basic realm=\"By Password\"");
    
header"HTTP/1.0 401 Unauthorized");
    echo 
"<p><b>Error 401: Unauthorized</b></p>";
    exit;
}

if (!isset(
$_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
    
authenticate();
}
else {
 
// validate correct username and password here



Last edited by Rich2k; 09-10-2002 at 06:14 PM.
  #3  
Old
is useless
 
Join Date: Jan 2002
Location: Ohio
Posts: 3,089
Thumbs up

Ohh... Thats pretty neat. I've always wondered how to do that

Thanks a bunch for the code I think I'll use this instead.

Too bad Apache gives me a Internal Server Error though, but I can still work on it.

__________________
Glioblastoma Multiforme (GBM) Brain Cancer Awareness. Gray Matters! My (quick) Story of supporting someone close who has it.
Incurable, 6-18 months prognosis, no survivors longer than 3 years.
Don't like what I say? Ignore me.

Sponsored Links
Reply

Related posts from TheWhir.com
Title Type Date Posted
New Google Tools Help Publishers Get Consent Around User Data Collection Web Hosting News 2014-07-02 11:58:00
Researchers Uncover Security Vulnerabilities in Popular WordPress SEO Plugin Web Hosting News 2014-06-02 14:51:06
Google Updates Third Party Apps to Improve Security Web Hosting News 2013-11-20 14:52:06
Go Daddy Joomla, Wordpress Hosting Customers See Spotty Admin Access Web Hosting News 2013-04-12 10:56:16
Why Federate when you can Differentiate? Webinars 2014-06-10 11:07:26


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
WHT Host Brief Email:

We respect your privacy. We will never sell, rent, or give away your address to any outside party, ever.

Advertisement:
Web Hosting News:
WHT Membership
WHT Membership



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?