9 replies to this topic

[Crofty]

Hey, i have made a login script and so far its knows when people sign in but i want to be able to know when the admin logs in.

at the moment i am using this

if (isset($_SESSION['s_username']))

[rc69]

I'm assuming you're using a database to keep track of registered users? If so, just add a user_level/admin field, and give it a special value if the user is an admin. The select that when you select the rest of the user info, and use it to see if a user is an admin.

[Crofty]

yeah ok that sounds like it will work thanks for the advice

[Demonslay]

Try not to make it something like 'admin=yes' or 'level=1' or someone could try some simple SQL hacks.
Just be sure to make your querys very secure anyways.

[coolaid]

Quote

'admin=yes' or 'level=1'

isn't all sql like that.... besides, if they can do some simple sql hack, then your not doing your part as a programmer

[Crofty]

well what is the safest way of doing it

[Demonslay]

Ya I know, lol, just bringing up a point. If he has it very secure it wouldn't matter, but I wouldn't make it obvious just incase there is some flaw I didn't know of.

[Ben]

Do a really long code sort of password thing no will will guess. like K0eeE2R442b1258F816kwqs154eyt6546B46qawe6jy

[rc69]

If you know half of what you're doing, you're password will end up that way anyway (it's called encryption, md5() look it up ).

The safest way to do it would be the easiest way (user_level = 1, or what ever). Just make sure you use mysql_real_escape_string() on the query to get the user info, and make sure you declare what ever variable will contain the extracted user info so as to prevent hacking via register globals.

[Crofty]

ok thanks for the advice my password where already encrypted into md5 hashes lol and yeah my admin verifying is now ok i think lol soon find out

thanks for the help