secure login and content management system

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

rubberjohn
Forum Contributor
Posts: 193
Joined: Fri Feb 25, 2005 4:03 am


Post by rubberjohn »

Is the tutorial found at

viewtopic.php?t=24789

any good, because I am relatively new to PHP and have not done any kind of login / secure type pages? I am trying to create a secure section on the site that is accessed via a username and password login. This section will allow employees to edit the content on the pages in the rest of the site (I can do this bit).

Is the tutorial above OK to use for this, or will I have to do a custom script?

Also, I am a little unsure about the purpose of a lot of security terms and PHP code; for instance, I don't know what sessions are for. Can anyone give me a link or any other source that will give me an overview of PHP security and the necessary elements in a secure script, or even the steps that should be included?

Ideally something like the following:

step 1 - validate login and password characters
step 2 - check login and password are valid (check in db)
step 3 - create session
step ? - .......
step ? - .......
step x - logout
step xx - destroy session

Just so I know what order these things need to be in and what has to be included in the script to provide a secure section on the site.

Also, I want to be able to prevent the secure section being bookmarked, or its address being copied into another browser window and allowing access this way.

Also, is the best way to add and delete users to have an administrator with these privileges?

Also (final question, I promise), is it possible to direct the users to different secure pages, so that for instance all regular users are directed to the secure page that contains the content management system, and for the administrator to go to another secure page that provides a content management system and the user account management system?

Phew, that's all.

As you can see, I'm a little bit lost with this kind of thing, so any help any of you can give would be great.

cheers
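
The step order asked about above (validate, check against the db, create the session, guard each protected page, send regular users and the administrator to different pages, log out and destroy the session), as an added example that is not part of the original thread. The `users` table, the role values, the page paths and the sample accounts are assumptions constructed for illustration.

```php
<?php
// Added example. Table, column, role and path names are assumptions.
function demo_db(): PDO {  // constructed sample users in an in-memory SQLite db
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT, role TEXT)');
    $ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?)');
    $ins->execute(['alice', password_hash('constructed-pw-1', PASSWORD_DEFAULT), 'admin']);
    $ins->execute(['bob', password_hash('constructed-pw-2', PASSWORD_DEFAULT), 'user']);
    return $db;
}

// Steps 1-3: validate the input, check it against the db, create the session.
function login(PDO $db, string $user, string $pass): bool {
    if (!preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $user) || $pass === '') return false;
    $q = $db->prepare('SELECT pw_hash, role FROM users WHERE username = ?');
    $q->execute([$user]);  // bound parameter, never string concatenation
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($pass, $row['pw_hash'])) return false;
    session_regenerate_id(true);  // fresh session id at login, old one deleted
    $_SESSION['user'] = $user;
    $_SESSION['role'] = $row['role'];
    return true;
}

// Call after session_start() at the top of every protected page. A bookmarked
// or pasted URL opened without a logged-in session is redirected to the login page.
function require_login(?string $role = null): void {
    if (empty($_SESSION['user'])) { header('Location: /login.php'); exit; }
    if ($role !== null && $_SESSION['role'] !== $role) { http_response_code(403); exit('Forbidden'); }
}

function landing_page(string $role): string {  // different page per role
    return $role === 'admin' ? '/admin/index.php' : '/cms/index.php';
}

function logout(): void {  // last steps: clear data, expire cookie, destroy session
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}

session_start();  // login.php request handling
$u = $_POST['username'] ?? null;
$p = $_POST['password'] ?? null;
if (is_string($u) && is_string($p) && login(demo_db(), $u, $p)) {
    header('Location: ' . landing_page($_SESSION['role']));
    exit;
}
```

Pages under the assumed `/admin/` path would call `require_login('admin')`, so a regular user who types that address gets a 403 rather than the account management page.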
AGISB
Forum Contributor
Posts: 422
Joined: Fri Jul 09, 2004 1:23 am

Post by AGISB »

The tutorial one still works, but for your usage it might be overkill.

Try to search the complete forum with the term 'authenticate' or 'authentication' and you will find many useful hints and tips.