[Tut] Simple Multi User Login

Firehorse · 27-04-2007, 09:38 AM

Originally Posted by Verrou

Argh i tried making it on freewebs and i got:
.htaccess contains prohibited characters (.)

so i can't make it cuz it has a . there >.>

Ver.

Freewebs isn't a proper web host, it's like piczo. Just a small company that lets people easily post things on the net.

Most scripts will not work on Freewebs so it's best to get a proper server,

I was on freewebs for two years and found it horrible, now i use a proper host I can do alot more and even password protect pages without having to pay extra like on Freewebs.

If I were you I would dump freewebs now and get cpanel hosting!

QuickScriptz · 28-04-2007, 03:11 AM

Very nice

+Rep

But did I just miss this part or does the cookie not actually contain any info - meaning that someone could just set the cookie called "in" and be allowed access?

Ini · 28-04-2007, 11:24 AM

It looks familiar.

I think ive seen something like this somewhere before.

Nice script

VPSwow · 28-04-2007, 11:40 AM

Very nice tut well done

+rep

Mr.OSH · 28-04-2007, 12:08 PM

Another fantastic tutorial Carl. Well Done + rep. I'm sure this could come in handy for me at some point.

Invent · 28-04-2007, 01:03 PM

But did I just miss this part or does the cookie not actually contain any info - meaning that someone could just set the cookie called "in" and be allowed access?

The cookie "in" has the value of "1".

QuickScriptz · 29-04-2007, 03:19 AM

Originally Posted by Invent

The cookie "in" has the value of "1".

Ya but still... can't I just set a cookie with the value "1" and be let it?

Mentor · 29-04-2007, 11:07 PM

Originally Posted by Scriptz

Ya but still... can't I just set a cookie with the value "1" and be let it?

Indeed that is true, i did say that in the flaws section near the bottom. It was designed to be as simple as possible, useing a changing value (hash of password etc) would add quite a bit of complexity in that it would need to be checked every time the page was accessed.

You could easly change the cookies value, or name. That way unless someone had the right password to start with and could login once, or were told by someone the cookie name and value its still relativly secure.

Chippiewill · 26-06-2007, 02:52 PM

you ripped this

http://thybag.co.uk/?p=Tutorials&ind=38

Mentor · 26-06-2007, 03:24 PM

Originally Posted by 00chips

you ripped this

http://thybag.co.uk/?p=Tutorials&ind=38

*chokes* click the link in my sig and guess which site i own

Thread: [Tut] Simple Multi User Login

Thread Tools

Posting Permissions