$_SESSION security

$_SESSION[] in PHP is secure, but of course it is only as secure as your application makes it. The session variables / parameters are stored at the server level, and the user is given a pseudorandom string (“session ID”) to identify themselves with. The weakness is if that string is intercepted by an attacker, […]


Simple Site Log In Form

In the head of each page add this. Note this must be before any HTML headers are sent (i.e. in PHP code before HTML output). Use this as the log in page. Use this as an optional log out page.


Admin Users

Simple Admin User Session Approach

The log in / log out page

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Admin Log In</title>
<?php
if ( !isset($_SESSION))
    session_start();

//LOG IN URL:
//    www.my_domain.com/admin_login.php?adminid=somerandomgibberish
//LOG OUT URL:
//    www.my_domain.com/admin_login.php?adminid=0
if ( isset($_GET['adminid']) && ($_GET['adminid'] == "somerandomgibberish") )
{
[…]
