Hi,
My client wants me to create an admin page for him, which should display all the user accounts along with a checkbox, with a delete option. And this page should be displayed only if the user is admin. (I have auto delete scheduler, but he wants this option so he can delete some user manually)
As you can see the issue is, if any user gets the admin username and password, he can login and delete all the users.
So, I created a separate page for admin login. The home page has a link for users login page, login.php. Now I have created adminlogin.php. There is no link in the website that points to this page. So, one has to know the specific url, in addition to the admin username and password to enter and delete all the information.
I'm wondering whether this is sufficient or not? Or is it a good idea to have this sort of page? Or is there any other way to do this?
Thank you
senthil
your view on this type of implementation
but the administrator is responsible for choosing a good password. Without that you can make the login as secure as you want, it's void 
For example you can force a minimum length and the appearance of certain characters (len: 8+ chars, at least 1 digit, 1 non-alphanum char [,;!$%...]).
Let the script disable transid support and set the session lifetime to 0 (until browser is closed) via ini_set.
Whether it is worth to use https or not is up to you.
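
The password rule and session settings suggested in the reply above, as an added PHP example that is not part of the original thread. The function names, the `is_admin` session key and the sample passwords are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread.

// Password rule from the reply: 8+ chars, at least 1 digit, 1 non-alphanumeric char.
// Returns a list of problems; an empty list means the password passes.
function admin_password_problems(string $password): array
{
    $problems = [];
    if (strlen($password) < 8) {                    // strlen counts bytes
        $problems[] = 'must be at least 8 characters';
    }
    if (!preg_match('/[0-9]/', $password)) {
        $problems[] = 'must contain at least one digit';
    }
    if (!preg_match('/[^a-zA-Z0-9]/', $password)) {
        $problems[] = 'must contain at least one non-alphanumeric character';
    }
    return $problems;
}

// Session settings from the reply; they must be applied before session_start().
function start_admin_session(): void
{
    ini_set('session.use_trans_sid', '0');    // never append the session id to URLs
    ini_set('session.cookie_lifetime', '0');  // cookie ends when the browser is closed
    ini_set('session.use_only_cookies', '1'); // assumption beyond the reply: ignore ids sent via URL
    session_start();
}

// Hypothetical gate for the delete page: the check is made on every request,
// so knowing the URL of the admin page gives nothing without a logged-in admin session.
function require_admin(): void
{
    start_admin_session();
    if (empty($_SESSION['is_admin'])) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Constructed sample passwords, shown only when the file is run from the command line.
if (PHP_SAPI === 'cli') {
    foreach (['admin', 'longpassword', 'Tr1cky;pass'] as $candidate) {
        $problems = admin_password_problems($candidate);
        echo $candidate, ': ', $problems ? implode('; ', $problems) : 'ok', PHP_EOL;
    }
}
```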
