Secure login to a page



  • There is an admin panel. What is the best way to implement protection against "experienced" users? Right now it works like this:
    Login page: if the password matches, a key is recorded in the box. On entering the admin page, the key is checked: if it matches, the user gets in; if not, there is a redirect to the front page.



  • I don't know what the key in the box is compared to.

    This is usually done with the session mechanism http://phpfaq.ru/sessions : when the password is checked, the user's id is written, and their access rights are checked on each page. In the simplest case, it's just the id.

    Here is an example of authorization using PDO and proper password hashing:

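    session_start();
    if (isset($_POST['submit'])) {
        // Prepared statement: the e-mail is bound as a parameter, never concatenated
        $stmt = $pdo->prepare("SELECT id, password FROM users WHERE email = ?");
        // execute() takes an array of bound values
        $stmt->execute([$_POST['username']]);
        $user = $stmt->fetch();
        // password_verify() compares against a hash created by password_hash()
        if ($user && password_verify($_POST['password'], $user['password'])) {
            // Issue a fresh session id on login so a pre-set id cannot be reused
            session_regenerate_id(true);
            $_SESSION['userid'] = $user['id'];
        }
    }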
    

    After that, we check:

    session_start();
    // empty() also covers the case where the key was never set
    if (empty($_SESSION['userid'])) {
        header("Location: /auth.php");
        exit;
    }
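
The answer notes that access rights are checked on each page while the simplest case stores only the id. The sketch below is an added example, not code from the answer: it shows such a per-page admin guard, where the `is_admin` column and the function names are hypothetical, and `/auth.php` is taken from the answer's redirect.

```php
<?php
// Added example: per-page admin guard. The users.is_admin column is an assumption.
declare(strict_types=1);

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    ini_set('session.use_strict_mode', '1'); // reject session ids the server did not issue
    session_set_cookie_params([
        'httponly' => true,                  // cookie is not readable from JavaScript
        'secure'   => true,                  // cookie is sent over HTTPS only
        'samesite' => 'Lax',
    ]);
    session_start();
}

// True only if the session holds a user id that still maps to an admin row.
// The role is re-read on every request, so a revoked admin loses access at once.
function is_admin_session(PDO $pdo, array $session): bool
{
    if (empty($session['userid'])) {
        return false;
    }
    $stmt = $pdo->prepare('SELECT is_admin FROM users WHERE id = ?');
    $stmt->execute([$session['userid']]);
    return (bool) $stmt->fetchColumn();      // no row gives false
}

// Call at the top of every admin page, before any output is sent.
function require_admin(PDO $pdo): void
{
    start_secure_session();
    if (!is_admin_session($pdo, $_SESSION)) {
        header('Location: /auth.php');
        exit;
    }
}

// Offline demonstration against a constructed in-memory table (CLI only).
if (PHP_SAPI === 'cli') {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, is_admin INTEGER)');
    $pdo->exec("INSERT INTO users VALUES (1, 'admin@example.test', 1), (2, 'user@example.test', 0)");
    var_dump(is_admin_session($pdo, ['userid' => 1])); // constructed admin row
    var_dump(is_admin_session($pdo, ['userid' => 2])); // constructed ordinary user
    var_dump(is_admin_session($pdo, []));              // no login at all
}
```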
    


