SitePoint Sponsor |
|
User Tag List
Results 1 to 4 of 4
-
Aug 11, 2005, 15:48 #1
- Join Date
- Jul 2005
- Location
- Oslo, Norway
- Posts
- 12
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Protecting a folder - sessions or .htaccess?
I am making my own simple CMS based on one of the Sitepoint books (PHP and MySQL). I think I will end up with a few separate pages for editing the database content.
Now I wonder what kind of protection I should use on this "admin page"? I haven't really learned/understood php sessions yet so for now I have protected the folder which holds the admin pages (PHPMyAdmin untill I make my own) with the use of .htaccess. Is this a good enough solution or should I go for learning PHP sessions? For me this seems good enough and it should keep people out of this folder I believe. Any input with reasons will be most appreciated.
Thanks!
-
Aug 12, 2005, 07:35 #2
- Join Date
- Jan 2002
- Location
- Canada
- Posts
- 528
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Are you the only one needing access to the 'admin page'? If so then I think htaccess will do the trick. If you are going to have more than one user... php sessions will be easy to maintain.
I have used both before and I think sessions are a better way. It allows for you to expand your CMS withough having to worry about moving htaccess files to protect folders. With sessions you can protect select pages really easy rather than a whole folder.
I have a simple php mysql login script here
If you have questions, just reply and i'll be watching this thread.
-
Aug 13, 2005, 14:11 #3
- Join Date
- Jul 2005
- Location
- Oslo, Norway
- Posts
- 12
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Thanks! I'll try your solution, but it will have to wait a couple of days as something else came up. However I wonder how do you "transfer" a session to another page? I.e. how do you stay logged in?
-
Aug 15, 2005, 08:41 #4
- Join Date
- Jan 2002
- Location
- Canada
- Posts
- 528
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
you just need the session_start() to make the session stay. Once you do a session_destroy() you will kill the session. For more info on sessions, refer to the PHP manual.
my logout script:
PHP Code:<?php
//check for admin session
//if no admin session, login
session_start();
if (!(isset($_SESSION['id']))) {
header ("Location:login.php");
}
session_destroy();
?>
Bookmarks