homepage Welcome to WebmasterWorld Guest from 54.196.201.253
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Login headache
protecting a page
henry0




msg:1264099
 6:52 pm on Jul 29, 2003 (gmt 0)

I have a login pretty well performing
Collecting a full profile, pw lost etc...

I just figured a bad hole if I call a page and user is not logged in the auth does its job and after login open the requested page
Well, I just figured that typing the URL will call the page and open it without passing by login! Hmmmm.

Here is how I tried to protect the page:

This little code is sitting atop any_file.php
<?

require("login_2/backend.php");

$login_check = $authlib->is_logged();

if (!$login_check) {

include("login_2/html/nologin.html");
exit;

}

else {
include ("any_file.php");

}

?>

the above if a user is not logged goes to
“error need to log”
then: login
and then “loging_done” that send a header

as follow:
<?php

header("Location: ../../any_file.php");
exit;

?>

of course it does not work for it is calling again the same page name any_file.php

so the real question is what should I do to be sure that a page will not open if its correct address is type in the address bar?

Thank you

regards

 

mavherick




msg:1264100
 7:20 pm on Jul 29, 2003 (gmt 0)

Well if in your login process you have a session var or something that gets set to true when the login is done and validated so that your method $authlib->is_logged() can work as intended, there shouldn't be a problem.

You can also try using an auto_prepend_file [ca.php.net] for that code snippet that appears on all your page.

[added]Link to php manual[/added]

mavherick

henry0




msg:1264101
 8:59 pm on Jul 29, 2003 (gmt 0)

this sits atop a page and prevnet it from being called directly without login

but indeed since it is calling itself it put me in some vicious circle out of which one I call the page, login, call the page login etc...
why: for ex: the page is named paul.php
and the include calls also paul.php
so how can I display the paul.php when the user is logged in?
I cannot figure the trick
however I understand why it does not work but have no fix!
thank you
<?

require("login_2/backend.php");

$login_check = $authlib->is_logged();

if (!$login_check) {

include("login_2/html/nologin.html");
exit;

}

else {
include ("paul.php");

}

?>

vincevincevince




msg:1264102
 9:02 pm on Jul 29, 2003 (gmt 0)

i think the problem is that you shouldn't put in include("paul.php); at all...

if (!log in check)
{
- do exit
}
output page as normal

i.e. - the stuff you put after the if(){ } will never be output unless the client is logged in. no need to use include again here - get on with giving content :-)

henry0




msg:1264103
 11:36 am on Jul 31, 2003 (gmt 0)

thanks VVV
it makes sense
Henry

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved