Thursday 15 March 2012

php - How to prevent access of admin pages by knowing the admin page url?


If someone knows the URL of an admin page, such as www.example.com/admin.php, they can easily access it.

You should never have an administrator section public. You should not rely on obscurity for this; authorization is the way to go. You can do it by relying on .htaccess or on PHP. A crude example is below.

Below is a simple login implementation: if the password is correct, it allows the user to go to admin.php. You should read up on sessions, though, because the session header lines (session_name and session_start) must be present on every page behind the login page. Password handling can also be done more securely.

    <?php
    // Use a named session for the admin area.
    session_name('MyAdminSession');
    session_start();

    if (isset($_POST['userid']) && isset($_POST['password'])) {
        $userid   = $_POST['userid'];
        $password = md5($_POST['password']);

        // Crude hard-coded credential check, kept as in the original example.
        if ($userid == 'myusername' && $password == md5('mypassword')) {
            $_SESSION['logged_in'] = true;
            header('Location: admin.php');
            exit; // stop the script so nothing else is sent after the redirect
        }
    }
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="nl">
    <head>
    <meta http-equiv="content-type" content="text/html; charset=utf-8" />
    <title>My login page</title>
    </head>
    <body>
    <form action="index.php" method="post">
    <label for="userid">Username:</label><br />
    <input name="userid" type="text" id="userid" /><br />
    <label for="password">Password:</label><br />
    <input name="password" type="password" id="password" /><br />
    <p><input type="submit" name="submit" class="button" value="login" /></p>
    </form>
    </body>
    </html>
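The login form above only sets the session flag; admin.php itself still has to check it, and the MD5 comparison can be replaced with PHP's password API. The following is an added example, not code from the original post: the file name auth.php, the function names and the ADMIN_PASSWORD_HASH environment variable are assumptions made for illustration.

```php
<?php
// auth.php (hypothetical file name). Requires PHP 7.3+ for the array form
// of session_set_cookie_params().

function start_admin_session(): void
{
    session_name('MyAdminSession');            // same session name as the login page
    session_set_cookie_params([
        'httponly' => true,                    // cookie not readable from JavaScript
        'secure'   => !empty($_SERVER['HTTPS']),
        'samesite' => 'Strict',
    ]);
    session_start();
}

// Call from the login page after start_admin_session().
function verify_admin_login(string $userid, string $password): bool
{
    // Assumption: ADMIN_PASSWORD_HASH holds the output of
    // password_hash($plaintext, PASSWORD_DEFAULT), generated once offline.
    $hash = getenv('ADMIN_PASSWORD_HASH');
    if ($hash === false || $hash === '') {
        return false;                          // no credential configured: deny
    }
    $userOk = hash_equals('myusername', $userid);
    $passOk = password_verify($password, $hash);
    if ($userOk && $passOk) {
        session_regenerate_id(true);           // fresh session ID after login
        $_SESSION['logged_in'] = true;
        return true;
    }
    return false;
}

// First statement of admin.php and of every other page behind the login.
function require_admin(): void
{
    start_admin_session();
    if (($_SESSION['logged_in'] ?? false) !== true) {
        header('Location: index.php');         // login page from the post
        exit;                                  // nothing below runs for anonymous visitors
    }
}
```

In admin.php, `require __DIR__ . '/auth.php'; require_admin();` has to run before any output is sent, otherwise the redirect header cannot be set.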
