I'm looking at doing a very basic authentication script as follows:
<?php
// admin.php
session_start();
if($_GET['login'] == 'adminLoginWord')
{
$_SESSION['auth'] = true;
}
if($_SESSION['auth'])
{
// code to show Admin control panel
}
else
{
echo 'Please login.';
}
Therefore, to login, someone would need to know to navigate to the URL
admin.php?login=adminLoginWord
Is this a safe way of authentication?
In this case in particular, I was just being thick, and making it more complicated than needs be.
A .htaccess file was more than sufficient for this... woops!