I have a question, in my administrator page, the admin has to login before accessing the user list where he can add or delete a user.
before my code ie delete segment
composes of the following
the delete user link
$delete = "<A HREF=\"$script?$pwd=new&action=delete&user=$user_no\">Delete</A>";
and delete confirmation
<TD ALIGN=\"RIGHT\"><FORM ACTION=\"$script\" METHOD=\"POST\">
<INPUT TYPE=\"HIDDEN\" NAME=\"pwd\" VALUE=\"$FORM{pwd}\">
<INPUT TYPE=\"HIDDEN\" NAME=\"DeleteRef\" VALUE=\"$ref\">
<INPUT TYPE=\"HIDDEN\" NAME=\"action\" VALUE=\"DeleteUser\">
<INPUT TYPE=\"HIDDEN\" NAME=\"user\" VALUE=\"$user\">
<INPUT TYPE=\"SUBMIT\" VALUE=\"YES\"></FORM></TD>
<TD><FORM ACTION=\"$script\" METHOD=\"POST\">
<INPUT TYPE=\"HIDDEN\" NAME=\"pwd\" VALUE=\"$FORM{pwd}\">
<INPUT TYPE=\"HIDDEN\" NAME=\"action\" VALUE=\"login\">
<INPUT TYPE=\"SUBMIT\" VALUE=\" NO \"></FORM></TD>
<TD COLSPAN =\"2\"> \;</TD>
but the security is compromised because the password is shown in the URL
I changed the code to
$delete = "<A HREF=\"$script?action=delete&user=$user_no\">Delete</A>";
<TD ALIGN=\"RIGHT\"><FORM ACTION=\"$script\" METHOD=\"POST\">
<INPUT TYPE=\"PASSWORD\" NAME=\"pwd\" VALUE=\"$FORM{pwd}\">
<INPUT TYPE=\"HIDDEN\" NAME=\"DeleteRef\" VALUE=\"$ref\">
<INPUT TYPE=\"HIDDEN\" NAME=\"action\" VALUE=\"DeleteUser\">
<INPUT TYPE=\"HIDDEN\" NAME=\"user\" VALUE=\"$user\">
<INPUT TYPE=\"SUBMIT\" VALUE=\"YES\"></FORM></TD>
<TD><FORM ACTION=\"$script\" METHOD=\"POST\">
<INPUT TYPE=\"PASSWORD\" NAME=\"pwd\" VALUE=\"$FORM{pwd}\">
<INPUT TYPE=\"HIDDEN\" NAME=\"action\" VALUE=\"login\">
<INPUT TYPE=\"SUBMIT\" VALUE=\" NO \"></FORM></TD>
<TD COLSPAN =\"2\"> \;</TD>
which works but the thing is everytime I click a link I have to write the password which is troublesome. I was thinking of using a cookie for the password so I dont have to login multiple times but I dont know how to incorporate it to the code. I know how to set and get a cookie but how do I get it to work in this case. Help please. Thank you very much.
wired_lain
before my code ie delete segment
composes of the following
the delete user link
$delete = "<A HREF=\"$script?$pwd=new&action=delete&user=$user_no\">Delete</A>";
and delete confirmation
<TD ALIGN=\"RIGHT\"><FORM ACTION=\"$script\" METHOD=\"POST\">
<INPUT TYPE=\"HIDDEN\" NAME=\"pwd\" VALUE=\"$FORM{pwd}\">
<INPUT TYPE=\"HIDDEN\" NAME=\"DeleteRef\" VALUE=\"$ref\">
<INPUT TYPE=\"HIDDEN\" NAME=\"action\" VALUE=\"DeleteUser\">
<INPUT TYPE=\"HIDDEN\" NAME=\"user\" VALUE=\"$user\">
<INPUT TYPE=\"SUBMIT\" VALUE=\"YES\"></FORM></TD>
<TD><FORM ACTION=\"$script\" METHOD=\"POST\">
<INPUT TYPE=\"HIDDEN\" NAME=\"pwd\" VALUE=\"$FORM{pwd}\">
<INPUT TYPE=\"HIDDEN\" NAME=\"action\" VALUE=\"login\">
<INPUT TYPE=\"SUBMIT\" VALUE=\" NO \"></FORM></TD>
<TD COLSPAN =\"2\"> \;</TD>
but the security is compromised because the password is shown in the URL
I changed the code to
$delete = "<A HREF=\"$script?action=delete&user=$user_no\">Delete</A>";
<TD ALIGN=\"RIGHT\"><FORM ACTION=\"$script\" METHOD=\"POST\">
<INPUT TYPE=\"PASSWORD\" NAME=\"pwd\" VALUE=\"$FORM{pwd}\">
<INPUT TYPE=\"HIDDEN\" NAME=\"DeleteRef\" VALUE=\"$ref\">
<INPUT TYPE=\"HIDDEN\" NAME=\"action\" VALUE=\"DeleteUser\">
<INPUT TYPE=\"HIDDEN\" NAME=\"user\" VALUE=\"$user\">
<INPUT TYPE=\"SUBMIT\" VALUE=\"YES\"></FORM></TD>
<TD><FORM ACTION=\"$script\" METHOD=\"POST\">
<INPUT TYPE=\"PASSWORD\" NAME=\"pwd\" VALUE=\"$FORM{pwd}\">
<INPUT TYPE=\"HIDDEN\" NAME=\"action\" VALUE=\"login\">
<INPUT TYPE=\"SUBMIT\" VALUE=\" NO \"></FORM></TD>
<TD COLSPAN =\"2\"> \;</TD>
which works but the thing is everytime I click a link I have to write the password which is troublesome. I was thinking of using a cookie for the password so I dont have to login multiple times but I dont know how to incorporate it to the code. I know how to set and get a cookie but how do I get it to work in this case. Help please. Thank you very much.
wired_lain