Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

What's the best way to do:


  • Please log in to reply

#1
ShogunWarrior

ShogunWarrior

    Member

  • Member
  • PipPip
  • 21 posts
First of all- hi, thanks for reading.

I've only recently started PHP but I'm finding it a breeze.
My question is - What's the best way to make a relatively secure login system.
I've made one no problem with sessions but is it really secure enough to simply put:
if(SESSION_REGISTERED['USERNAME'] && $_SESSION['user_level']==1)
{/*Include admin stuff in here*/}

Is that secure enough because I'd like to add a button beside each news item that allows you to deleted a topic but it is only displayed if you are logged in and have admin status. Of course, I would hate for a user to hack and rob sessions and delete the items so I need it to be secure.

So, is this the best way to do it or is there a better/more secure way to do it?

-SW
  • 0

Advertisements


#2
remintellegere

remintellegere

    Member

  • Member
  • PipPip
  • 34 posts
Granted this solution is secure enough for the average website, you can also use PHP's built in encoding engine to generate ranks. For example, putting in Administrator as a rank will yield %$mofh3@f83n2. This is unreadable by outside forces AND it will allow you to have a secure system by not having to the standard ranking system. EG, Administrator could have the coding value of puddingskin. This would yield a code that is ALWAYS the same no matter how many times you code it, and it can never be reverse coded. This is what alot of web builders do with their password system.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP