
PHP Sessions For Member Access System

I was wondering if there is a better way to manage a password-protected member’s section. I was taught that once someone’s login username and password are verified, set the $_SESSION['id'] variable to the user’s id and on every password-protected page, just confirm that isset($_SESSION['id']).

Is there something better than this to keep the computer savvy hackers out?

PHP

1 Comment(s)

@eval_BadCode_Jan 09.2011 — You should decide on your access control method, because it may not be enough to just prevent access to parts of your system from outsiders; you may very likely have insider threats also. In which case only checking for a user ID might allow anyone who is logged in to access the administrator's panel.

The most basic access control methods are mandatory, discretionary, and role-based. There are also mechanisms like perimeters and gateways, but that might be outside of the scope of your problem.

The craziest one that I know of is called a "Chinese Wall". There are also some other ones, but it's probably best if you start out basic :p


-----------
Edit:

Take your time implementing this, because it can turn around and really haunt you with hours of work if done incorrectly.
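
An added example, not part of the original thread, of the point made in the comment above: a guard that checks the user's role as well as the presence of $_SESSION['id'], so that being logged in is not enough to reach an administrator page. The function names, the 'role' session key and the role names 'member' and 'admin' are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example: role-based guard for protected pages.
// Assumed names (not from the thread): establish_session(), session_has_role(),
// require_role(), the 'role' session key, and the roles 'member' and 'admin'.

// Call once after the username and password have been verified.
// Assumes session_start() has already been called for this request.
function establish_session(int $userId, string $role): void
{
    // Issue a fresh session ID at login so an ID handed out before
    // authentication cannot be reused (session fixation).
    session_regenerate_id(true);
    $_SESSION['id']   = $userId;
    $_SESSION['role'] = $role; // looked up server-side, never taken from the request
}

// True only if the session belongs to a logged-in user whose role is allowed.
function session_has_role(array $session, array $allowedRoles): bool
{
    if (!isset($session['id'], $session['role'])) {
        return false; // not logged in at all
    }
    return in_array($session['role'], $allowedRoles, true);
}

// Put at the top of every protected page, before any output is sent.
function require_role(array $allowedRoles): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!isset($_SESSION['id'])) {
        http_response_code(401); // not authenticated
        exit('Please log in.');
    }
    if (!session_has_role($_SESSION, $allowedRoles)) {
        http_response_code(403); // authenticated, but not authorized for this page
        exit('Forbidden.');
    }
}

// Constructed sample sessions: why isset($_SESSION['id']) alone is not enough.
$member = ['id' => 42, 'role' => 'member'];
$admin  = ['id' => 7,  'role' => 'admin'];
var_dump(isset($member['id']));                 // the id-only check passes for a member
var_dump(session_has_role($member, ['admin'])); // the role check rejects the member
var_dump(session_has_role($admin, ['admin']));  // the role check accepts the admin
```

A member page would start with require_role(['member', 'admin']) and the administrator's panel with require_role(['admin']).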