View Full Version : my plan to scuer my admin page.. help me if there's exploit

09-04-2007, 02:58 PM
I am trying to scure my admin pages on my script so at first I have plan to do that.. and i want php profsional programer to let me know if theres's away to break my scure page (exploit)!
and gaide me how i can colse it..!

Step 1:
in database I stored:
user name & md5 (password)

step 2:
Login page..
simple html page that allowed user to inter user name and his passwored..
submit form..

step 3:
get informathion from login page and check..

in database ==> compare the user & pass is allowed and has permission to enter this area

if compare is true

step 4:
creat session === >

and then go to allowed area..

in pages allowed area at first check the session isset & dosen't empty & user_passed==1


step 5:
display message (You dont have permission to enter this area try to enter your correct user name and pass. again)...
return to step 1..

however this is my plan prousedure any body can help me if there's an exploit in my plan!


09-04-2007, 03:31 PM
If these pages are only for admin purpose, and nothing to show to public, you can do it by giving some .htaccess protection to your folder where your admin files are located.
i.e, whenever someone access anything from this folder, he will get a login prompt to enter the information.

09-04-2007, 06:47 PM
It might also be a good idea to have a fixed password too that the person should enter.