I am developing a web page where users log in with their twitter accounts, complete a form and then they see an admin panel. I need to prevent any user load admin panel if is not log in or if his twitter account is another one.
Example:
- Twitter Account A - Log in - That person can see Account A admin panel but not any other.
- Any person - Doesn't log in - That person can't see any account admin panel
I have been thinking something related to http://php.net/manual/es/function.password-hash.php, sessions and store values in database. But I don't know what can I do to get the safest possible result.
What would you do?
Aucun commentaire:
Enregistrer un commentaire