...

View Full Version : my plan to scuer my admin page.. help me if there's exploit



marhoons
09-04-2007, 01:58 PM
Hello,
I am trying to scure my admin pages on my script so at first I have plan to do that.. and i want php profsional programer to let me know if theres's away to break my scure page (exploit)!
and gaide me how i can colse it..!

Step 1:
in database I stored:
user name & md5 (password)

step 2:
Login page..
simple html page that allowed user to inter user name and his passwored..
submit form..

step 3:
prosses..
get informathion from login page and check..

in database ==> compare the user & pass is allowed and has permission to enter this area

if compare is true

step 4:
creat session === >
user_passed=1
user_login=time()

and then go to allowed area..

in pages allowed area at first check the session isset & dosen't empty & user_passed==1

else

step 5:
display message (You dont have permission to enter this area try to enter your correct user name and pass. again)...
return to step 1..

however this is my plan prousedure any body can help me if there's an exploit in my plan!

thanks

abduraooft
09-04-2007, 02:31 PM
If these pages are only for admin purpose, and nothing to show to public, you can do it by giving some .htaccess protection to your folder where your admin files are located.
i.e, whenever someone access anything from this folder, he will get a login prompt to enter the information.

ole90
09-04-2007, 05:47 PM
It might also be a good idea to have a fixed password too that the person should enter.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum