I'm trying to make a good admin login page for something I'm making for my website. What I'm trying to do is check to make sure the username and password is valid within each page, if it's not valid it goes to the login page
Can anyone help?
make a function that u used in each page, this function will check who is that person browsing the page!! and checks whether he has permissions to view it or not
bbye
That doesn't really help.
I understand the concept of md5 sorta and I don't understand what salt is but what I don't understand is using the encrpyted password to make the login secure
Use session id's to verify whether or not a user has already logged in. When a user submits the log in form, validate the credentials in the DB and set a session variable ($_SESSION['account']['isLoggedIn']) to true.
Create a separate function called requireLogin() which checks if isLoggedIn is true; if not, redirect to log in page.
There's a lot of
information out there about encryption too, but, MD5 should be simple enough for a simple log in system.
This is what I did(Tell me how secure it is, it's not exactly how I coded it but):
$submit = $_POST['submit'];//If the user submitted the login form
If (isset ($submit)) {
$formuser = md5(md5(md5($_POST['user'])));
$formpass = md5(md5(md5($_POST['pass'])));
If ($r1 = mysql_query ("SELECT * FROM admin")) {
Compares data in table to submitted form.
If equals sets cookies of encrypted username and password
If not equal redirect to login form
}
}
That's basically how it works. The username and password in the table is hashed(correct word?) three times and stored in the database