  1. #1
    New Coder
    Join Date
    Oct 2006
    Posts
    24
    Thanks
    6
    Thanked 0 Times in 0 Posts

    My plan to secure my admin page.. help me if there's an exploit

    Hello,
    I am trying to secure my admin pages on my script, so at first I have a plan to do that.. and I want a professional PHP programmer to let me know if there's a way to break my secure page (exploit)!
    And guide me how I can close it..!

    Step 1:
    In the database I stored:
    user name & md5 (password)

    Step 2:
    Login page..
    A simple HTML page that allows the user to enter his user name and password..
    Submit form..

    Step 3:
    Process..
    Get the information from the login page and check..

    In the database ==> compare whether the user & pass are allowed and have permission to enter this area

    If the compare is true

    Step 4:
    Create session ===>
    user_passed=1
    user_login=time()

    and then go to the allowed area..

    In the allowed-area pages, first check that the session isset & isn't empty & user_passed==1

    else

    Step 5:
    Display message (You don't have permission to enter this area, try to enter your correct user name and pass. again)...
    Return to step 1..

    However, this is my planned procedure; can anybody help me if there's an exploit in my plan?

    thanks
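
The login flow from post #1, steps 1 to 5, as an added example that is not part of the original thread: it swaps md5 for PHP's `password_hash()`/`password_verify()`, looks the user up with a prepared statement, and issues a new session ID on login. The `admins` table and its columns, the 30-minute age limit and the in-memory SQLite database are assumptions made for the demo.

```php
<?php
declare(strict_types=1);

const MAX_SESSION_AGE = 1800; // seconds; assumed policy, not from the thread

// Step 1: store a salted, deliberately slow hash instead of md5(password).
function create_admin(PDO $db, string $user, string $password): void
{
    $stmt = $db->prepare('INSERT INTO admins (username, pass_hash) VALUES (?, ?)');
    $stmt->execute([$user, password_hash($password, PASSWORD_DEFAULT)]);
}

// Steps 3-4: check the submitted credentials, then set the session flags.
// On a real page the caller runs session_start() before calling this.
function login(PDO $db, string $user, string $password): bool
{
    // Prepared statement: the submitted user name is bound, never spliced into SQL.
    $stmt = $db->prepare('SELECT pass_hash FROM admins WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($password, $hash)) {
        return false; // step 5: same generic message for unknown user and bad password
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session ID once the user is authenticated
    }
    $_SESSION['user_passed'] = 1;
    $_SESSION['user_login']  = time();
    return true;
}

// Top of every admin page: the step-4 check, plus an age limit on user_login.
function is_admin_session(): bool
{
    return isset($_SESSION['user_passed'], $_SESSION['user_login'])
        && $_SESSION['user_passed'] === 1
        && (time() - $_SESSION['user_login']) < MAX_SESSION_AGE;
}

// Constructed demo data: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (username TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
create_admin($db, 'admin', 'constructed-demo-password');

$_SESSION = []; // plain array here so the demo also runs from the command line
var_dump(login($db, 'admin', 'wrong-password'), is_admin_session());
var_dump(login($db, 'nobody', 'constructed-demo-password'), is_admin_session());
var_dump(login($db, 'admin', 'constructed-demo-password'), is_admin_session());
```

Each admin page would call `is_admin_session()` before producing any output and redirect to the login form when it returns false.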

  • #2
    Supreme Master coder! abduraooft
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,861
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    If these pages are only for admin purposes, and there is nothing to show to the public, you can do it by giving some .htaccess protection to the folder where your admin files are located.
    I.e., whenever someone accesses anything from this folder, he will get a login prompt to enter the information.
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #3
    Regular Coder
    Join Date
    Jan 2007
    Posts
    217
    Thanks
    9
    Thanked 0 Times in 0 Posts
    It might also be a good idea to have a fixed password too that the person should enter.

