PHP Programming - Some simple security

Author

Some simple security

Neal Middlemore

2006-03-29, 7:57 am

Hi,

I want to be able to add some simple security to one of my pages, basically
my page allows users to submit a text field which gets parsed into MySQL db
and displayed on other pages. At the moment anyone can submit text which
opens the page to abuse. I don't want to implement a user login system. I
had envisaged the addition of a password entry box which the Submit button
checks against the db before proceeding, so if any user has the correct
password then they can submit.

Having never done password stuff before, could somebody please point me in
the right direction?

Also, if I have the config data to connect to the mysql db in a PHP file on
my server, can anybody just open it?

Thanks

Neal

2006-03-29, 6:58 pm

"Neal Middlemore" <neal.middlemoreh@tbaesystems.com> wrote in message
news:442a8c91$1_1@glkas0286.greenlnk.net...
> Hi,
>
> I want to be able to add some simple security to one of my pages,
> basically my page allows users to submit a text field which gets parsed
> into MySQL db and displayed on other pages. At the moment anyone can
> submit text which opens the page to abuse. I don't want to implement a
> user login system. I had envisaged the addition of a password entry box
> which the Submit button checks against the db before proceeding, so if any
> user has the correct password then they can submit.
>
> Having never done password stuff before, could somebody please point me in
> the right direction?

You should use the <input type="password"> form input, and POST the data
(not GET) back to the form. Check the password field with your stored
password, and you know whether the user is

or not :)

> Also, if I have the config data to connect to the mysql db in a PHP file
> on my server, can anybody just open it?

As long as the server isn't configured to allow it to be fed directly to the
user, you'll be safe.

> Thanks
>
> Neal

dave

Sponsored Links