Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Don't need to login
#1
Hello,

I just made a login system. But I want to give users the ability to view pages that is for admin only. I tried a cookie, but I got this error:
PHP Code:
WarningCookie names cannot contain any of the following '=,; \t\r\n\013\014' in /home/crystal/public_html/hwid/admin.php on line 17 

Does anyone has a better method ? I was thought session is a good way. Should I use $_SESSION ?
Reply
#2
For viewing pages that have admin functions, just make it so that it parses the Admin functions onto the page if their session matches that of the Admin credentials.

I've provided an example of a fully functional $_SESSION Admin page here: http://tech.reboot.pro/showthread.php?ti...=PHP+login

The MySql inserts are a bit sloppy, but that's not the part you're going to be looking at. Look at where I use the $_SESSION variable to define admin pages.
Reply
#3
Hello,

I wrote this, can you please tell me what I did wrong ?

PHP Code:
if ($admin == '1'){
session_start();
session_regenerate_id (true); //Voorkomt session fixed attacks. 
$_SESSION['username'] = $username
}

if (isset(
$_SESSION['username'])){ ?>
<div class="menu_resize_bg">
}

<?php
if (!isset($_SESSION['username'])){ ?>
  echo 'Doens't exist';

Thanks in advance!
Reply
#4
Right here:
PHP Code:
$_SESSION['username'] = $username

Then you go and use the Session variable itself without username for some reason, but you don't check it's input directly.
PHP Code:
if (isset($_SESSION['username'])) 

Not good...
Reply
#5
(01-21-2012, 08:06 AM)AceInfinity Wrote: Right here:
PHP Code:
$_SESSION['username'] = $username

Then you go and use the Session variable itself without username for some reason, but you don't check it's input directly.
PHP Code:
if (isset($_SESSION['username'])) 

Not good...
My bad, I forgot to copy the $username

PHP Code:
$username htmlspecialchars($_POST['username'], ENT_QUOTES); 

Of course I also made a textbox with the name 'username'
Never mind, fixed it with this: if (isset($_SESSION['username']) == $username)
Reply
#6
That's still not very good to do. Review my expample one more time, you'll see Smile

Gaijin i'm sure would tell you what's wrong as well.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [help] Improve login script Montana" 1 1,733 03-18-2013, 12:59 PM
Last Post: Haxalot
  Simple Login and Search nevets04 1 772 12-24-2009, 03:37 PM
Last Post: Gaijin

Forum Jump:


Users browsing this thread: 1 Guest(s)