SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Member
    Join Date
    Jul 2005
    Location
    Oslo, Norway
    Posts
    12
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Protecting a folder - sessions or .htaccess?

    I am making my own simple CMS based on one of the Sitepoint books (PHP and MySQL). I think I will end up with a few separate pages for editing the database content.

    Now I wonder what kind of protection I should use on this "admin page"? I haven't really learned/understood php sessions yet so for now I have protected the folder which holds the admin pages (PHPMyAdmin untill I make my own) with the use of .htaccess. Is this a good enough solution or should I go for learning PHP sessions? For me this seems good enough and it should keep people out of this folder I believe. Any input with reasons will be most appreciated.

    Thanks!

  2. #2
    SitePoint Evangelist sputza's Avatar
    Join Date
    Jan 2002
    Location
    Canada
    Posts
    528
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Are you the only one needing access to the 'admin page'? If so then I think htaccess will do the trick. If you are going to have more than one user... php sessions will be easy to maintain.

    I have used both before and I think sessions are a better way. It allows for you to expand your CMS withough having to worry about moving htaccess files to protect folders. With sessions you can protect select pages really easy rather than a whole folder.

    I have a simple php mysql login script here

    If you have questions, just reply and i'll be watching this thread.
    Steven Watkins
    Chief Web Ninja
    Code Monkey Interactive
    lowgravity.ca

  3. #3
    SitePoint Member
    Join Date
    Jul 2005
    Location
    Oslo, Norway
    Posts
    12
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks! I'll try your solution, but it will have to wait a couple of days as something else came up. However I wonder how do you "transfer" a session to another page? I.e. how do you stay logged in?

  4. #4
    SitePoint Evangelist sputza's Avatar
    Join Date
    Jan 2002
    Location
    Canada
    Posts
    528
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    you just need the session_start() to make the session stay. Once you do a session_destroy() you will kill the session. For more info on sessions, refer to the PHP manual.

    my logout script:
    PHP Code:
      <?php
      
    //check for admin session
      //if no admin session, login
      
    session_start();
      if (!(isset(
    $_SESSION['id']))) {
          
    header ("Location:login.php");
          }
      
    session_destroy();
      
    ?>
    Steven Watkins
    Chief Web Ninja
    Code Monkey Interactive
    lowgravity.ca


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •