Gossamer Forum

URL security help

I have a question. In my administrator page, the admin has to log in before accessing the user list, where he can add or delete a user.
Before, my code (i.e. the delete segment) was composed of the following:
the delete user link
$delete = "<A HREF=\"$script?$pwd=new&action=delete&user=$user_no\">Delete</A>";
and delete confirmation
<TD ALIGN=\"RIGHT\"><FORM ACTION=\"$script\" METHOD=\"POST\">
<INPUT TYPE=\"HIDDEN\" NAME=\"pwd\" VALUE=\"$FORM{pwd}\">
<INPUT TYPE=\"HIDDEN\" NAME=\"DeleteRef\" VALUE=\"$ref\">
<INPUT TYPE=\"HIDDEN\" NAME=\"action\" VALUE=\"DeleteUser\">
<INPUT TYPE=\"HIDDEN\" NAME=\"user\" VALUE=\"$user\">
<INPUT TYPE=\"SUBMIT\" VALUE=\"YES\"></FORM></TD>
<TD><FORM ACTION=\"$script\" METHOD=\"POST\">
<INPUT TYPE=\"HIDDEN\" NAME=\"pwd\" VALUE=\"$FORM{pwd}\">
<INPUT TYPE=\"HIDDEN\" NAME=\"action\" VALUE=\"login\">
<INPUT TYPE=\"SUBMIT\" VALUE=\" NO \"></FORM></TD>
<TD COLSPAN =\"2\">&nbsp\;</TD>
but the security is compromised because the password is shown in the URL

I changed the code to
$delete = "<A HREF=\"$script?action=delete&user=$user_no\">Delete</A>";

<TD ALIGN=\"RIGHT\"><FORM ACTION=\"$script\" METHOD=\"POST\">
<INPUT TYPE=\"PASSWORD\" NAME=\"pwd\" VALUE=\"$FORM{pwd}\">
<INPUT TYPE=\"HIDDEN\" NAME=\"DeleteRef\" VALUE=\"$ref\">
<INPUT TYPE=\"HIDDEN\" NAME=\"action\" VALUE=\"DeleteUser\">
<INPUT TYPE=\"HIDDEN\" NAME=\"user\" VALUE=\"$user\">
<INPUT TYPE=\"SUBMIT\" VALUE=\"YES\"></FORM></TD>
<TD><FORM ACTION=\"$script\" METHOD=\"POST\">
<INPUT TYPE=\"PASSWORD\" NAME=\"pwd\" VALUE=\"$FORM{pwd}\">
<INPUT TYPE=\"HIDDEN\" NAME=\"action\" VALUE=\"login\">
<INPUT TYPE=\"SUBMIT\" VALUE=\" NO \"></FORM></TD>
<TD COLSPAN =\"2\">&nbsp\;</TD>

which works, but the thing is every time I click a link I have to write the password, which is troublesome. I was thinking of using a cookie for the password so I don't have to log in multiple times, but I don't know how to incorporate it into the code. I know how to set and get a cookie, but how do I get it to work in this case? Help please. Thank you very much.

wired_lain
Re: [wired_lain] URL security help
Have you thought about password protecting the directory where your script is located? (like via .htaccess/.htpasswd - with Apache or Basic Authentication - via IIS).
========================================
Buh Bye!

Cheers,
Me
Re: [Stealth] URL security help
How do I do that via IIS?
Wouldn't it be more complicated, because I just want to password protect that particular script? I have a flat database file for the user details.
Re: [wired_lain] URL security help
the standard way to properly secure form data is to make it a form post and use SSL. anything less would be insecure. of course, using IIS is insecure so...

-g

s/(\d{2})/chr($1)/ge + print if $_ = '8284703280698276687967';
Re: [GClemmons] URL security help
sorry, where do i write the code? and what does it mean?

Last edited by: wired_lain: Nov 26, 2002, 6:31 PM
Re: [wired_lain] URL security help
That's his signature ;)
Re: [Paul] URL security help
oh hehe sorry, my ignorance is showing,

anyway can anyone help with the problem or any useful links with IIS
Re: [wired_lain] URL security help
Is your web account a virtual/shared account or is it dedicated? Do you have access to the IIS Manager Console for your web site? If so, then all you have to do is click on properties of the folder where your script is located...then set the "DIRECTORY SECURITY" to basic authentication.
Re: [Stealth] URL security help
Thanks, I'll do that.
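
Added example, not part of any post in this thread or of the poster's script: one way to do what the original question asks, checking the password once (in a POST over SSL, as advised above) and then sending a random session token in a cookie instead of putting `pwd` in links and form fields. The cookie name `sid`, the session directory, the 15-minute lifetime and the `/dev/urandom` source are assumptions.

```perl
# Added example, not code from the thread. Core modules only.
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);
use File::Temp qw(tempdir);

my $TTL = 15 * 60;    # assumed session lifetime, in seconds

# Issue a random session token after the password was checked once via POST.
# Assumes a Unix-like /dev/urandom; on Windows/IIS use a CSPRNG module instead.
sub new_session {
    my ($dir) = @_;
    open my $rnd, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($rnd, my $bytes, 32) == 32 or die "short read from urandom";
    close $rnd;
    my $token = unpack 'H*', $bytes;
    # Store only a hash of the token, so a leaked session dir yields no usable cookies.
    open my $fh, '>', "$dir/" . sha256_hex($token) or die "session file: $!";
    print {$fh} time() + $TTL;
    close $fh;
    return $token;
}

# Header line to print before the blank line that ends the CGI headers.
sub cookie_header {
    my ($token) = @_;
    return "Set-Cookie: sid=$token; Path=/; HttpOnly; Secure; SameSite=Strict";
}

# Validate the cookie on every admin request; pass $ENV{HTTP_COOKIE} in a CGI.
sub session_ok {
    my ($dir, $cookies) = @_;
    my ($token) = ($cookies // '') =~ /(?:^|;\s*)sid=([0-9a-f]{64})(?:;|$)/ or return 0;
    my $file = "$dir/" . sha256_hex($token);
    open my $fh, '<', $file or return 0;               # unknown token
    my $expires = <$fh>;
    close $fh;
    if ($expires < time()) { unlink $file; return 0 }  # expired
    return 1;
}

# Constructed demo: a temp dir stands in for the session store.
my $dir   = tempdir(CLEANUP => 1);
my $token = new_session($dir);
print cookie_header($token), "\n";
print "valid cookie:  ", session_ok($dir, "theme=x; sid=$token"), "\n";
print "forged cookie: ", session_ok($dir, 'sid=' . ('0' x 64)), "\n";
my ($script, $user_no) = ('admin.cgi', 7);   # constructed values; no pwd in the link
print qq{<A HREF="$script?action=delete&user=$user_no">Delete</A>\n};
```

With this in place the `pwd` hidden fields in the confirmation forms are no longer needed; each admin action would call `session_ok` first and fall back to the login form when it returns 0.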