Thanks very much, Melky! That did explain a lot. And the drawback of globals was, as I suspected, bad programming, not the globals themselves.
I've read that the $_GET table is rather not recommended, for the reason that the variables and values are also passed to the script in the URL, so they may be hacked the same way you described, right?
So this code:
PHP Code:
if ($_GET['password'] == "c3g4H2m") {
    $authorised = "1";
}
if ($authorised == 1) header("Location: admin.php?login=true");
Can also be hacked by writing this:
PHP Code:
script.php?authorised=1
For the same reason would this get me to the control panel as well:
PHP Code:
admin.php?login=true
Correct?
Or is the variable $authorised not accessible from outside the condition if?
And thanks for the tip about the .htaccess command. Do you by any chance know a nice guide to .htaccess managing?
Kind Regards,
Piotrek
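
Added example, not part of Piotrek's post: one way to write this login check so that its outcome does not depend on request parameters named authorised or login. The function names, the form field 'password', the session key 'authorised' and the sample password are assumptions made for illustration.

```php
<?php
// Added example (not the poster's code). All names below are hypothetical.
declare(strict_types=1);

// Returns true only when the submitted password matches the stored hash.
function check_login(array $post, string $storedHash): bool
{
    // Initialise explicitly: with register_globals (removed in PHP 5.4) an
    // uninitialised $authorised could be pre-set from the query string.
    $authorised = false;

    // Take the password from the POST body only; a GET parameter ends up in
    // the URL, the browser history and the server access log.
    $submitted = $post['password'] ?? '';

    if (is_string($submitted) && password_verify($submitted, $storedHash)) {
        $authorised = true;
    }
    return $authorised;
}

// Call at the top of admin.php: access depends on server-side session
// state, never on a URL flag such as login=true.
function require_login(): void
{
    if (empty($_SESSION['authorised'])) {
        http_response_code(403);
        exit('Access denied');
    }
}

session_start();

// Constructed sample: a real deployment creates this hash once with
// password_hash() and loads it from configuration outside the web root.
$storedHash = password_hash('constructed-sample-password', PASSWORD_DEFAULT);

if (check_login($_POST, $storedHash)) {
    session_regenerate_id(true);     // fresh session id after login
    $_SESSION['authorised'] = true;  // state kept on the server
    header('Location: admin.php');   // no login flag in the URL
    exit;
}

http_response_code(403);
echo 'Access denied';
```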