is it safe?

thomasd1
Forum Commoner
Posts: 80
Joined: Sat Nov 22, 2003 2:48 pm
Location: Belgium

is it safe?

Post by thomasd1 »

Is it safe if I just make an admin page, and the password is just a variable?
And without using cookies with that... :roll:

Gen-ik
DevNet Resident
Posts: 1059
Joined: Mon Aug 12, 2002 7:08 pm
Location: London. UK.

Post by Gen-ik »

Cookies are unsafe anyway as they are stored client-side.. never store passwords in cookies.

As long as you use a password which no one else is likely to know then you can just keep it in the PHP page somewhere. As long as no one else has access to the actual PHP page (via FTP) then it is pretty secure.
thomasd1
Forum Commoner
Posts: 80
Joined: Sat Nov 22, 2003 2:48 pm
Location: Belgium

Post by thomasd1 »

ok thanks


And what I was gonna do with the cookies was creating a login/logout system ... but I don't know if it's safe or not ...
Gen-ik
DevNet Resident
Posts: 1059
Joined: Mon Aug 12, 2002 7:08 pm
Location: London. UK.

Post by Gen-ik »

As far as keeping track of whether or not a user is logged in then sessions are probably your best bet. To store usernames/passwords then mysql (or a similar database) is cool.

Unless you have no other choice then I would advise against using cookies for user information.. but it's up to you :)
d3ad1ysp0rk
Forum Donator
Posts: 1661
Joined: Mon Oct 20, 2003 8:31 pm
Location: Maine, USA

Post by d3ad1ysp0rk »

How would you make a "stay logged in" option then?

If you can't keep the password there, can't they just edit their cookie to say they're the admin or w/e?
Gen-ik
DevNet Resident
Posts: 1059
Joined: Mon Aug 12, 2002 7:08 pm
Location: London. UK.

Post by Gen-ik »

When anyone decides to stay logged-in via an option then you generate a unique id number for them.. and you do this every time the option is selected. You then add/update the id and username in the database.

1. Generate unique ID.
2. Add/Update id and username to a database.
3. Dump the id into a Cookie.

When the site loads up you check for the Cookie, if it exists then you read the id number from it and get the user's info from the database.
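The three steps from the last reply, plus the check on page load, as an added example that is not code from the thread or from any poster. The table, column and cookie names, the 30-day lifetime and the SQLite in-memory database are assumptions made so it runs on its own (PHP 7.3+ with PDO SQLite); it goes slightly beyond the post by storing only a hash of the id and by setting the cookie's `HttpOnly` and `Secure` flags.

```php
<?php
declare(strict_types=1);

// Hypothetical schema; an in-memory SQLite database keeps the example self-contained.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE remember_tokens (
    username TEXT PRIMARY KEY, token_hash TEXT NOT NULL, expires_at INTEGER NOT NULL)');

const COOKIE_NAME = 'remember_id';      // hypothetical cookie name
const LIFETIME    = 60 * 60 * 24 * 30;  // 30 days, an arbitrary choice

// Steps 1 and 2: generate the id and add/update it, with the username, in the database.
function issueToken(PDO $db, string $username): string
{
    $token = bin2hex(random_bytes(32)); // unguessable value from the OS CSPRNG
    $stmt = $db->prepare('REPLACE INTO remember_tokens VALUES (?, ?, ?)');
    // Only a hash is stored, so a leaked table does not yield usable cookie values.
    $stmt->execute([$username, hash('sha256', $token), time() + LIFETIME]);
    return $token;
}

// Step 3: dump the id into a cookie. The cookie carries no username, role or password.
function sendCookie(string $token): void
{
    setcookie(COOKIE_NAME, $token, [
        'expires' => time() + LIFETIME, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}

// On page load: map the cookie value back to a username, or null if unknown or expired.
function userFromToken(PDO $db, string $token): ?string
{
    $stmt = $db->prepare(
        'SELECT username FROM remember_tokens WHERE token_hash = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $token), time()]);
    $username = $stmt->fetchColumn();
    return $username === false ? null : (string) $username;
}

// Constructed walk-through, run from the command line.
$old = issueToken($db, 'thomasd1');
var_dump(userFromToken($db, $old));     // the issued id resolves to its user
var_dump(userFromToken($db, 'admin'));  // an edited cookie value matches no row
$new = issueToken($db, 'thomasd1');     // selecting the option again replaces the id
var_dump(userFromToken($db, $old));     // the previous id no longer resolves
```

In a real page the value passed to `userFromToken()` would come from `$_COOKIE[COOKIE_NAME]`, and the row would be deleted on logout.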