securing admin pages

  • Nem
  • Guru
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

what does the third one mean?


  • Rabid Dog
  • Web Master
  • Posts: 3245
  • Loc: South Africa

Post 3+ Months Ago

I'm just asking because if you plan a project properly development time is cut in half. I understand urgent deadlines, pain in the bum really but if you are learning at the moment then I would recommend that planning be one of the lessons. :wink:

That way you can map out your application nicely and not end up wanting a script to block proxies - :twisted:
  • Nem
  • Guru
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

True Rapid, never in my life have I ever planned, but I'm keen to take up your advice on that :)
  • Rabid Dog
  • Web Master
  • Posts: 3245
  • Loc: South Africa

Post 3+ Months Ago

An algorithm is the heart of your application.

Your log on procedure that you are currently working on is an algorithm.

No 3 is the planning of the algorithm, probably using UML (Unified Modeling Language - which you will learn about as you go on).

You don't have to sit and draw neat diagrams and stuff, just a pen, piece of paper and draw up flow diagrams that solve your specific problem.

Like the reference though :lol:
  • Nem
  • Guru
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

Ah, I just use Paint, I got a small workstation :P
  • rtm223
  • Mastermind
  • Posts: 1855
  • Loc: Uk

Post 3+ Months Ago

The site was the first thing I could find in the systems life cycle, that had the steps all written out.

I tend to use pencil and an a3 pad for drawing though :)

Think of it this way nem, planning may be dull, but at least it doesn't get stressful like debugging does. Avoid all the stress you can. I'll pick dull over pulling out my hair any day lol.

In the past when I have not planned properly, I have got halfway through (about a month's work) and realised the other half would never work unless I re-wrote everything. I shall not be making that mistake again :roll:

//Good call on the proxies btw
  • Nem
  • Guru
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

I suppose, you never know, it will help on a project I'm planning on doing soon.

May save me from getting hacked too!
  • Nem
  • Guru
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

I'm back to my code now.

I changed the cookie code, is this correct at all?

PHP Code:
if ($user_data[id] > 1) {
    Setcookie("admin", $userid, Time()+3600);
    header("Location: admin.php");

Now on the other pages:

PHP Code:
if (isset($_COOKIE["admin"])) {
    echo 'welcome';
} else {
    echo 'You need to login to view this area of the site';
}
?>
  • Nem
  • Guru
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

What have I done? :O

PHP Code:
<?PHP
include('connect.php');

if ($_POST[user] && md5($_POST[pass])) {
    $user_data = mysql_fetch_array(mysql_query("SELECT username, password FROM admin WHERE username='$user' and password='MD5('$pass')'"));

    //If they match add a cookie and go to admin page
    if ($user_data[id] > 0) {
        Setcookie("admin", $userid, Time()+3600);
    //Otherwise
    } else { $login_error = false; }
}

//If its right show this message
if ($login_error == true) {
    echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";
//If not then show this
} else {
    echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>";
}
?>


Ok the first line...

PHP Code:
if ($_POST[user] && md5($_POST[pass])) {

Here I am saying "If.. the username and the password" - right?

Then on the second line:

PHP Code:
$user_data = mysql_fetch_array(mysql_query("SELECT username, password FROM admin WHERE username='$user' and password='MD5('$pass')'"));

I'm asking for specific data and then making them arrays? (I think that's what they are called)

-From here how will i make them match, through the form?
The form elements are right, yes?
Code:
<form name="admin_login" method="post" action="admin_login.php">
<input type="text" name="username" id="$user">
<input type="password" name="password" id="MD5('$pass']">
<input type="submit" value="submit" name="submit">
</form>


But, on the third line and below
PHP Code:
if ($user_data[id] > 0) {
    Setcookie("admin", $userid, Time()+3600);
//Otherwise
} else { $login_error = false; }

When I say user data '0' does this mean if it's true or false?


I read it again and now im :shock: :x :roll:
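
Added example, not code from any poster in the thread: both snippets above (the `isset($_COOKIE["admin"])` check on the admin pages and the login query) come down to the same two decisions, so this one block shows a login that binds the form input as a query parameter, verifies the password with `password_hash()`/`password_verify()`, and marks the admin in the server-side session instead of relying on a cookie being present. The in-memory SQLite table (standing in for the MySQL `admin` table), the demo account and the function names are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. The table layout, the account and
// the function names are constructed; SQLite in memory stands in for MySQL.

function make_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
    $ins = $db->prepare('INSERT INTO admin (username, password_hash) VALUES (?, ?)');
    $ins->execute(['nem', password_hash('constructed-demo-password', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns the admin row id when the credentials match, null otherwise.
function check_login(PDO $db, string $user, string $pass): ?int {
    // The placeholder keeps form input out of the SQL text.
    $stmt = $db->prepare('SELECT id, password_hash FROM admin WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Login page: reads the form's own field names ("username", "password").
function log_in(PDO $db, array $post): bool {
    $id = check_login($db, (string) ($post['username'] ?? ''), (string) ($post['password'] ?? ''));
    if ($id === null) {
        return false;
    }
    session_regenerate_id(true);   // fresh session id once privileges change
    $_SESSION['admin_id'] = $id;   // stored server-side; the browser only holds the session id
    return true;
}

// Top of every admin page: the check is against server-side session state,
// not against the mere presence of a cookie the browser can set itself.
function is_admin(): bool {
    return isset($_SESSION['admin_id']) && is_int($_SESSION['admin_id']);
}

session_start();
$db     = make_demo_db();
$before = is_admin();
$bad    = log_in($db, ['username' => 'nem', 'password' => 'wrong-guess']);
$good   = log_in($db, ['username' => 'nem', 'password' => 'constructed-demo-password']);
var_dump($before, $bad, $good, is_admin());
```

It runs from the PHP command line with the `pdo_sqlite` extension enabled.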

Post Information

  • Total Posts in this topic: 39 posts

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.