Page 1 of 1
is it safe?
Posted: Mon Dec 22, 2003 3:43 pm
by thomasd1
is it safe if i just make an admin page, and the password is just a variable?
and without using cookies with that...

Posted: Mon Dec 22, 2003 4:46 pm
by Gen-ik
Cookies are unsafe anyway as they are stored client-side.. never store passwords in cookies.
As long as you use a password which no one else is likely to know then you can just keep it in the PHP page somewhere. As long as no one else has access the the actual PHP page (via FTP) then it is pretty secure.
Posted: Mon Dec 22, 2003 5:01 pm
by thomasd1
ok thanks
and what i was gonna do with the cookies was creating a login/logout system ... but i don't know if it's safe or not ...
Posted: Mon Dec 22, 2003 5:33 pm
by Gen-ik
As far as keeping track of wether or not a user is logged in then [php_man]session[/php_man]s are probably your best bet. To store usernames/passwords then [php_man]mysql[/php_man] (or a similar database) is cool.
Unless you have no other choice then I would advise against using cookies for user information.. but it's up to you

Posted: Mon Dec 22, 2003 5:36 pm
by d3ad1ysp0rk
how would you make a "stay logged in" option then?
if you can't keep the password there, can't they just edit their cookie to say they're the admin or w/e?
Posted: Mon Dec 22, 2003 5:49 pm
by Gen-ik
When anyone decides to stay logged-in via an option then you generate a unique id number for them.. and you do this every time the option is selected. You then add/update the id and username in database.
1. Generate unique ID.
2. Add/Update id and username to a database.
3. Dump the id into a Cookie.
When the site loads up you check for the Cookie, if it exists then you read the id number from it and get the users info from the database.