My recommendation would be for you to do it through a .htaccess file. Most
web hosts will give you the ability to do this through your admin, but you
can do it by hand easily - do a google on it.
The problem with .htaccess files though, is, you get a naff looking box pop
up asking for your username and password. If you want to be able to design
the form you fill out, then a POST form will do the trick. This is how I've
written (what I hope are) secure admins.
At the very top of every page put: session_start(); - look at php.net for
documentation on PHP sessions if you're unsure what they are.
Have PHP create a new session variable when the password and username are
correct. e.g.:
if ($_POST['pass'] == "s2132t163" && $_POST['user'] == "me") {
$_SESSION['adminlogin'] = "yes";
}
On each page that needs to be protected, put this line before any content is
printed:
if (!isset($_SESSION['adminlogin'])) { die "Unauthorised access"; }
Having this means if the session variable hasn't been created, the page
won't load past this point and an 'unauthorised' message will display.
Ka kite,
Luke
"Ben Allen" <"ben.allen"@\"your.tonsils\"btinternet.com> wrote in message
news:dc**********@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com...
Hi,
I want to create a password protected page to administer my site from
(the news is read from a mySQL database and I have created a PHP form to
as a GUI to do this). I thought of password-protecting it by creating a
page with the login details (which are the same as those needed for the
mySQL database, passing these as variable to the admin page using POST
and then making changes to the database using these login variables. Is
this secure and/or practical? Will it alert the user to an incorrect
mySQL login straight away or wait until the submit button is pressed
(and changes are attempted to be made)?
The other option is using a password script such as this one
http://www.webdevtips.com/webdevtips...re/index.shtml
Any thoughts or other (relatively simple) ways of doing this?
Cheers,
Ben