Page 1 of 1

News for Everyone!!!

Posted: Wed Aug 10, 2005 5:46 pm
by lupus2k5
Call me stupid, but I just made my first PHP/MySQL script. Woohoo!

Sorry, to get to the point...

I am an incredible genius, but could someone possibly show me how Session IDs work? Here's more information about my query...
This is a description of my PHP script:

It allows you to input information that passes through a PHP file, gets added to the MySQL.
It then shows all MySQL entries (in an organized fashion) on another PHP page.
The MySQL also has an 'auto_increment' id field.
If you go to mydomain.com/update.php?id=1 you can update the information (obviously of the entry id 1).

I was hoping someone could tell me how to secure this.
What I want is a link on another PHP file that links to update.php but with a completely random ever-changing session ID so that only this certain person viewing it can actually "update" their SQL entry.

Any suggestions? I would've done this in another forum, like support, but I don't need a quick answer, just when someone has time.

Posted: Wed Aug 10, 2005 5:58 pm
by s.dot
a suggestion would be to hardcode a password into your script, and provide a form to input the password, then check if it is correct. That is only if one, or two, people need to access this page.

Another way would be to store login credentials in a database, and dynamically check the password for the logged in user and provide a password box for them, then check to see if the password provided matches the username for that password.

If it's going to be a multi user system, logins will be needed (a database as well). If it's going to be a single user system, a hardcoded password would work fine.

Re: News for Everyone!!!

Posted: Wed Aug 10, 2005 6:11 pm
by hawleyjr
lupus2k5 wrote:I am an incredible genius
Wow an incredible genious...?

Posted: Wed Aug 10, 2005 6:20 pm
by feyd
that's great to hear you made your first script!

Moved to PHP - Code. :?

Posted: Thu Aug 11, 2005 10:41 am
by lupus2k5
scrotaye wrote:a suggestion would be to hardcode a password into your script, and provide a form to input the password, then check if it is correct. That is only if one, or two, people need to access this page.

Another way would be to store login credentials in a database, and dynamically check the password for the logged in user and provide a password box for them, then check to see if the password provided matches the username for that password.

If it's going to be a multi user system, logins will be needed (a database as well). If it's going to be a single user system, a hardcoded password would work fine.
But wouldn't that result in having the password in the URL? I'd like to have something encrypted first, but I don't know how that works. Is it maybe performing a mathematical operation to encrypt the password to a seemingly random number?