Protecting a folder - sessions or .htaccess?

[Jan Ove]

I am making my own simple CMS based on one of the Sitepoint books (PHP and MySQL). I think I will end up with a few separate pages for editing the database content.

Now I wonder what kind of protection I should use on this "admin page"? I haven't really learned/understood php sessions yet so for now I have protected the folder which holds the admin pages (PHPMyAdmin untill I make my own) with the use of .htaccess. Is this a good enough solution or should I go for learning PHP sessions? For me this seems good enough and it should keep people out of this folder I believe. Any input with reasons will be most appreciated.

Thanks!

[sputza]

Are you the only one needing access to the 'admin page'? If so then I think htaccess will do the trick. If you are going to have more than one user... php sessions will be easy to maintain.

I have used both before and I think sessions are a better way. It allows for you to expand your CMS withough having to worry about moving htaccess files to protect folders. With sessions you can protect select pages really easy rather than a whole folder.

I have a simple php mysql login script here

If you have questions, just reply and i'll be watching this thread.

[Jan Ove]

Thanks! I'll try your solution, but it will have to wait a couple of days as something else came up. However I wonder how do you "transfer" a session to another page? I.e. how do you stay logged in?

[sputza]

you just need the session_start() to make the session stay. Once you do a session_destroy() you will kill the session. For more info on sessions, refer to the PHP manual.

my logout script:

PHP Code:

  <?php
  //check for admin session
  //if no admin session, login
  session_start();
  if (!(isset($_SESSION['id']))) {
      header ("Location:login.php");
      }
  session_destroy();
  ?>