php: security question

Posted by Syom on Stack Overflow See other posts from Stack Overflow or by Syom
Published on 2010-05-09T07:49:46Z Indexed on 2010/05/09 7:58 UTC
Read the original article Hit count: 243

Filed under:

in my cms i have index.php, where client must enter username and password. if they are correct, he'll moove to admin.php, where the cms is.

but now hacker can enter to cms/admin.php, so my security now is awful.


i know, that i can use $_SESSION variable.

index.php - i can give some value to $_SESSION['error']:

$_SESSION['error'] = TRUE, and in admin.php just verify it

admin.php

if($_SESSION['error'] == TRUE)
{
     my script here...
}
else header("Location: index.php");

but i want to rich this effect without SESSION. could you give me an idea, how can i do it?

thanks

© Stack Overflow or respective owner

Related posts about php