Security question

Posted by Syom on Stack Overflow See other posts from Stack Overflow or by Syom
Published on 2010-05-09T07:49:46Z Indexed on 2010/05/09 9:48 UTC
Read the original article Hit count: 233

Filed under:
|
|

in my cms i have index.php, where client must enter username and password. if they are correct, he'll moove to admin.php, where the cms is.

but now hacker can enter to cms/admin.php, so my security now is awful.


i know, that i can use $_SESSION variable.

index.php - i can give some value to $_SESSION['success']:

$_SESSION['success'] = TRUE, and in admin.php just verify it

admin.php

if($_SESSION['success'] == TRUE)
{
     my script here...
}
else header("Location: index.php");

but i want to rich this effect without SESSION. could you give me an idea, how can i do it?

thanks

© Stack Overflow or respective owner

Related posts about php

Related posts about security