  1. #1
    SitePoint Zealot
    Join Date
    Oct 2005
    Posts
    128

    Securing login for CMS?

    I made myself a CMS system, but now I'm not sure how to secure it. I will be running my site on a server that uses Apache. Should I just throw that login file in a separate directory and password protect it using .htaccess? Would that be pretty secure, or do I need to add more security via PHP (cookies/sessions, etc.)? I'm pretty clueless on security; any help is appreciated, thanks.

  2. #2
    SitePoint Evangelist nsj
    Join Date
    Oct 2005
    Location
    Jamaica (W.I)
    Posts
    447
    Sessions usually suffice for me (with password encrypted in a MySQL DB), but then again, it depends on the usage of your CMS... Who is going to be using it? And what type of data is being accessed via the CMS?

  3. #3
    SitePoint Zealot
    Join Date
    Oct 2005
    Posts
    128
    I'm the only one who is going to be using it. The only data being passed to the CMS is just a couple of form fields with string data.

  4. #4
    SitePoint Guru
    Join Date
    Aug 2004
    Location
    Earth
    Posts
    724
    Sessions will be the way to go... then if your site grows you can add more users to the CMS system using user levels... then also if you want to remove someone from using the CMS you can just alter their user level rather than changing a single password via htta... and having to pass out the new password... bla bla

  5. #5
    SitePoint Zealot
    Join Date
    Oct 2005
    Posts
    128
    Would I use sessions along with Apache HTTP passwords? I'm still kind of confused on that part.

  6. #6
    SitePoint Zealot
    Join Date
    Jun 2003
    Location
    New York City
    Posts
    117
    No, you don't need the .htaccess/.htpasswd type of auth. Set up a 'users' database with a field for username and password, then you create a login form. When the form is submitted, you have a script that looks for a match in your users DB table, and if there is one, then you set up a session for them and let them in. On each page of your CMS, you need to check for a valid session, and if it's not there, send them to the login page.

    That's a VERY simplified overview, as it's a bit more complex than that, but there are lots of articles on how to set up authentication using PHP and MySQL here and on other sites.
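
The flow outlined in post #6 (users table, login script, per-page session check), as an added example that is not code from any poster in this thread. It assumes passwords are stored with PHP's password_hash(); the table, column, session key and page names are assumptions, and in-memory SQLite stands in for MySQL so the script is self-contained.

```php
<?php
declare(strict_types=1);
// Added example. Assumed names: users, password_hash, $_SESSION['user_id'], login.php, index.php.

session_start([
    'cookie_httponly' => true,
    'cookie_secure'   => true,      // assumes the CMS is served over HTTPS
    'cookie_samesite' => 'Strict',
    'use_strict_mode' => true,      // reject session ids the server did not issue
]);

// Constructed demo store: in-memory SQLite stands in for the MySQL users table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
   ->execute(['admin', password_hash('constructed-demo-password', PASSWORD_DEFAULT)]);

// Login script: look for a match in the users table, then set up the session.
function attempt_login(PDO $db, string $username, string $password): bool
{
    static $dummy = null;
    $dummy ??= password_hash('unused', PASSWORD_DEFAULT); // checked when the user is unknown
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $ok = password_verify($password, $row ? $row['password_hash'] : $dummy);
    if (!$row || !$ok) {
        return false;
    }
    session_regenerate_id(true);    // fresh id at login, so a pre-set id is useless
    $_SESSION['user_id'] = (int) $row['id'];
    return true;
}

// Call at the top of every CMS page: no valid session, back to the login form.
function require_login(): void
{
    if (empty($_SESSION['user_id'])) {
        header('Location: login.php');
        exit;
    }
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $ok = attempt_login($db, (string) filter_input(INPUT_POST, 'username'), (string) filter_input(INPUT_POST, 'password'));
    header('Location: ' . ($ok ? 'index.php' : 'login.php?error=1'));
    exit;
}
```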

