Page 1 of 1
web page structure
Posted: Sat May 26, 2007 2:17 pm
by staar2
How you make your web page? I am little pit confused about that. How you connect all pages? How you make them secure?
Posted: Sat May 26, 2007 2:18 pm
by John Cartwright
Those are all very broad questions, and quite impossible to answer without writing a novel. Please ask specific questions.
Posted: Sat May 26, 2007 2:26 pm
by staar2
How i connect all the data between pages. Like in admin panel, i dont want to use GET to transfer all the data.
Like web.ee/admin/delete.php?id=1
Posted: Sat May 26, 2007 2:28 pm
by John Cartwright
the information in the url after ? is available in the $_GET superglobal.
Posted: Sat May 26, 2007 2:41 pm
by staar2
Jcart wrote:the information in the url after ? is available in the $_GET superglobal.
Sorry, did not explain clearly, wanted to say that someone evil man can also go into web.ee/admin/delete.php?id=1 this page and delete entry. How can i avoid it, use some sessions to control is the admin logged in ?
Posted: Sat May 26, 2007 2:44 pm
by feyd
- requiring another login to get into the admin area (or any pages underneath) can help.
- changing the session id when transitioning to other security layers helps too.
- Don't actually delete anything. Instead, mark it as deleted using a flagged column.
Posted: Sat May 26, 2007 2:45 pm
by John Cartwright
Typically when logging in a user is given a session flag to indicate they have permission to access specific pages. In the simplest sense, a is_logged_in flag of some sort is given, ie.
Code: Select all
//semi pseudo
session_start();
if (login is valid)
{
$_SESSION['loggedin'] = true;
}
and then on your admin/delete.php at the top of the page you'd do
Code: Select all
session_start();
if (!isset($_SESSION['loggedin']) || !$_SESSION['loggedin'])
{
//redirect to main page
header('Location: http://domain.com/');
exit();
}
Posted: Sun May 27, 2007 2:55 am
by staar2
should i make Sessions like this Username and md5(password) each time when loads some secret page it checks username and password?