Hi, This is my first message;
I just want to ask about control panel login security. In my system i use a different method. Because there is only one admin and they need only one username and password. I select all data from admin table on database and i send them an array. Then i compare the usernames and passwords, maybe via array_search or another fuction can be used, if username and password are true login else to the form.
I hope you will understand what i mean. I think this will avoid injection for the systems has few admin. I need your answers to be sure.
Thanks a lot
About admin panel login functions and avoid injection
Moderator: General Moderators
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: About admin panel login functions and avoid injection
If you are saying that you do not use a database, but instead store the data in an array, then yes you will eliminate SQL injection. But you still may need to filter and escape the input.
(#10850)