Welcome to WebmasterWorld Guest from 107.20.20.39

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Login headache

protecting a page

   
6:52 pm on Jul 29, 2003 (gmt 0)

WebmasterWorld Senior Member henry0 is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I have a login pretty well performing
Collecting a full profile, pw lost etc...

I just figured a bad hole if I call a page and user is not logged in the auth does its job and after login open the requested page
Well, I just figured that typing the URL will call the page and open it without passing by login! Hmmmm.

Here is how I tried to protect the page:

This little code is sitting atop any_file.php
<?

require("login_2/backend.php");

$login_check = $authlib->is_logged();

if (!$login_check) {

include("login_2/html/nologin.html");
exit;

}

else {
include ("any_file.php");

}

?>

the above if a user is not logged goes to
“error need to log”
then: login
and then “loging_done” that send a header

as follow:
<?php

header("Location: ../../any_file.php");
exit;

?>

of course it does not work for it is calling again the same page name any_file.php

so the real question is what should I do to be sure that a page will not open if its correct address is type in the address bar?

Thank you

regards

7:20 pm on Jul 29, 2003 (gmt 0)

10+ Year Member



Well if in your login process you have a session var or something that gets set to true when the login is done and validated so that your method $authlib->is_logged() can work as intended, there shouldn't be a problem.

You can also try using an auto_prepend_file [ca.php.net] for that code snippet that appears on all your page.

[added]Link to php manual[/added]

mavherick

8:59 pm on Jul 29, 2003 (gmt 0)

WebmasterWorld Senior Member henry0 is a WebmasterWorld Top Contributor of All Time 10+ Year Member



this sits atop a page and prevnet it from being called directly without login

but indeed since it is calling itself it put me in some vicious circle out of which one I call the page, login, call the page login etc...
why: for ex: the page is named paul.php
and the include calls also paul.php
so how can I display the paul.php when the user is logged in?
I cannot figure the trick
however I understand why it does not work but have no fix!
thank you
<?

require("login_2/backend.php");

$login_check = $authlib->is_logged();

if (!$login_check) {

include("login_2/html/nologin.html");
exit;

}

else {
include ("paul.php");

}

?>

9:02 pm on Jul 29, 2003 (gmt 0)

WebmasterWorld Senior Member vincevincevince is a WebmasterWorld Top Contributor of All Time 10+ Year Member



i think the problem is that you shouldn't put in include("paul.php); at all...

if (!log in check)
{
- do exit
}
output page as normal

i.e. - the stuff you put after the if(){ } will never be output unless the client is logged in. no need to use include again here - get on with giving content :-)

11:36 am on Jul 31, 2003 (gmt 0)

WebmasterWorld Senior Member henry0 is a WebmasterWorld Top Contributor of All Time 10+ Year Member



thanks VVV
it makes sense
Henry