Forum Moderators: coopster
I just figured a bad hole if I call a page and user is not logged in the auth does its job and after login open the requested page
Well, I just figured that typing the URL will call the page and open it without passing by login! Hmmmm.
Here is how I tried to protect the page:
This little code is sitting atop any_file.php
<?
require("login_2/backend.php");
$login_check = $authlib->is_logged();
if (!$login_check) {
include("login_2/html/nologin.html");
exit;
}
else {
include ("any_file.php");
}
?>
the above if a user is not logged goes to
“error need to log”
then: login
and then “loging_done” that send a header
as follow:
<?php
header("Location: ../../any_file.php");
exit;
?>
of course it does not work for it is calling again the same page name any_file.php
so the real question is what should I do to be sure that a page will not open if its correct address is type in the address bar?
Thank you
regards
You can also try using an auto_prepend_file [ca.php.net] for that code snippet that appears on all your page.
[added]Link to php manual[/added]
mavherick
but indeed since it is calling itself it put me in some vicious circle out of which one I call the page, login, call the page login etc...
why: for ex: the page is named paul.php
and the include calls also paul.php
so how can I display the paul.php when the user is logged in?
I cannot figure the trick
however I understand why it does not work but have no fix!
thank you
<?
require("login_2/backend.php");
$login_check = $authlib->is_logged();
if (!$login_check) {
include("login_2/html/nologin.html");
exit;
}
else {
include ("paul.php");
}
?>
if (!log in check)
{
- do exit
}
output page as normal
i.e. - the stuff you put after the if(){ } will never be output unless the client is logged in. no need to use include again here - get on with giving content :-)
