Printable View
I'm really new to PHP, and I'm trying to set up an admin page for my friend's site. He and I are the only ones who will ever need admin access.
Is the following code secure?
Code:<?php
if (($_POST[username])=="myusername" AND $_POST[password]=="mypassword")
{
echo "you made it!";
/* setcookie("admin", "true", time()+3600); */
}
else
{
echo "Access restricted.";
}
?>
not really... maybe in a way but you should use MySQL for that kind of stuff.
Using a cookie like that is insecure, as a hacker could very easily set his own cookie. A session-based approach would probably be better.
Some other considerations:
1. If you are on a shared host, how securely is it configured? Could another account on the site run his own script and have it read your PHP source code, thus seeing your login credentials?
2. Are you connecting via SSL (https)? If not, anyone "sniffing" the connection could could capture your login/password.
3. Are you using a "strong" password that would be virtually impossible to guess?
