Quote:
Originally Posted by ChrisTheSoul
Hi peeps.
I've just built my first custom CMS using PHP and MySQL.
I've put all the admin pages in the directory mydomain.com/cms
I'm new to web security issues, so could I get people's opinions on the best way of securing these pages:
1. From being edited by people naughty enough to want to do so?
2. From Google and other search engines indexing the pages to assist those mentioned in 1.?
Thanks in advance for any suggestions.
Chris

Use sessions,
on login, the user gets two sessions like so:
$_SESSION['user'] = $username; // from $_POST and will be queried to log in
$_SESSION['seskey'] = md5(rand(1000, 9999));
and the MySQL table will have at least three columns (username, password, session)
when the user logs in the random session will be put in their session and mysql table.
hope you follow
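
The login-key scheme from the reply above, written out as an added example that is not the poster's code: the function names, the `users` table name, the in-memory SQLite stand-in for MySQL, and a `password` column holding `password_hash()` output are all assumptions. It also draws the key from `random_bytes()` rather than `md5(rand(1000, 9999))`.

```php
<?php
// Added example. Columns follow the post (username, password, session); the
// table name `users` is assumed, and in-memory SQLite stands in for MySQL.
function cms_login(PDO $db, string $username, string $password): bool {
    $q = $db->prepare('SELECT password FROM users WHERE username = ?');
    $q->execute([$username]);
    $hash = $q->fetchColumn();
    if (!is_string($hash) || !password_verify($password, $hash)) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session id once authenticated
    }
    // 128 bits from the CSPRNG; md5(rand(1000, 9999)) has only 9000 possible values.
    $key = bin2hex(random_bytes(16));
    $db->prepare('UPDATE users SET session = ? WHERE username = ?')
       ->execute([$key, $username]);
    $_SESSION['user'] = $username;
    $_SESSION['seskey'] = $key;
    return true;
}

// Call at the top of every page under /cms, after session_start().
function cms_is_logged_in(PDO $db): bool {
    if (!isset($_SESSION['user'], $_SESSION['seskey'])) {
        return false;
    }
    $q = $db->prepare('SELECT session FROM users WHERE username = ?');
    $q->execute([$_SESSION['user']]);
    $stored = $q->fetchColumn();
    // Constant-time comparison; a NULL (logged-out) row never matches.
    return is_string($stored) && $stored !== ''
        && hash_equals($stored, (string) $_SESSION['seskey']);
}

// Constructed demo data; run from the CLI, so no session_start() here.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, session TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?, NULL)')
   ->execute(['chris', password_hash('constructed-demo-password', PASSWORD_DEFAULT)]);
$_SESSION = [];
var_dump(cms_is_logged_in($db));                 // before any login
var_dump(cms_login($db, 'chris', 'wrong-guess'));
var_dump(cms_login($db, 'chris', 'constructed-demo-password'));
var_dump(cms_is_logged_in($db));                 // after a good login
$db->exec("UPDATE users SET session = NULL WHERE username = 'chris'"); // logout
var_dump(cms_is_logged_in($db));
```

Clearing the `session` column on the server ends the login even if the browser still holds the old cookie, which is what the per-page check relies on.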