php: security question

Posted by Syom on Stack Overflow See other posts from Stack Overflow or by Syom
Published on 2010-05-09T07:49:46Z Indexed on 2010/05/09 7:58 UTC
Read the original article Hit count: 238

Filed under:

php

in my cms i have index.php, where client must enter username and password. if they are correct, he'll moove to admin.php, where the cms is.

but now hacker can enter to cms/admin.php, so my security now is awful.

i know, that i can use $_SESSION variable.

index.php - i can give some value to $_SESSION['error']:

$_SESSION['error'] = TRUE, and in admin.php just verify it

admin.php

if($_SESSION['error'] == TRUE)
{
     my script here...
}
else header("Location: index.php");

but i want to rich this effect without SESSION. could you give me an idea, how can i do it?

thanks

Related posts about php

Magento, NGINX, PHP-FPM, APC, MEMCACHED, 16gb Ram CentOS, Spiking PHP-FPM to 100% CPU

as seen on Server Fault - Search for 'Server Fault'
I have been trying to resolve my issue of spiking cpu caused by php-fpm processes. I've reduced the php-fpm config settings to: pm = ondemand pm.max_children = 12 pm.start_servers = 2 pm.min_spare_servers = 2 pm.max_spare_servers = 10 pm.max_requests = 500 php_admin_value[memory_limit] = 128M Problem… >>> More
PHP Pear Installation on CentOS

as seen on Server Fault - Search for 'Server Fault'
[root@ip ~]# yum install php-pear* Reducing CentOS-5 Testing to included packages only Finished Setting up Install Process Package 1:php-pear-1.8.1-2.el5.centos.noarch already installed and latest versio … >>> More
Apache configurations for php "AddType text/html php" or "AddType application/x-httpd-php php .php"

as seen on Server Fault - Search for 'Server Fault'
I am taking over an application server and discover that it contain the following settings: AddType text/html php Although it works, but my understanding is that it should set as following: AddType application/x-httpd-php php .php What are the key differences between the two settings?… >>> More
mod_rewrite settings causes server to throw HTTP 500 errors instead of 404

as seen on Server Fault - Search for 'Server Fault'
Hello. I have a server with VBulletin forum (working under Apache 2.2, CentOS). The default settings for it in .htaccess are as follows: RewriteEngine on RewriteCond %{HTTP_HOST} ^gsmforum\.ru RewriteRule (.*) http://www.gsmforum.ru/$1 [R=301,L] # If you are having problems or are using VirtualDocumentRoot… >>> More
Problems installing Memcache (PECL extension)

as seen on Server Fault - Search for 'Server Fault'
I have installed memcached fine, and now I will need to install PECL extension memcache. Im running RedHat x86_64 es5. The installation gives me this: downloading memcache-2.2.6.tgz ... Starting to download memcache-2.2.6.tgz (35,957 bytes) ..........done: 35,957 bytes 11 source files, building running:… >>> More

Developer IT

php: security question - Developer IT

php: security question

php

Related posts about php

Magento, NGINX, PHP-FPM, APC, MEMCACHED, 16gb Ram CentOS, Spiking PHP-FPM to 100% CPU

PHP Pear Installation on CentOS

Apache configurations for php "AddType text/html php" or "AddType application/x-httpd-php php .php"

mod_rewrite settings causes server to throw HTTP 500 errors instead of 404

Problems installing Memcache (PECL extension)

Categories cloud