SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Evangelist lance_vincent's Avatar
    Join Date
    Aug 2004
    Location
    philippines
    Posts
    574
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Exclamation security : important : bypassing log in page!!

    Hi everyone!!

    Im a student and im just starting to mastering php, mysql and apache combination for my project development course. Now im planning of incorporating security measures for my site.

    This is the scene. Suppose i have two pages, index.php and main.php. Index.php will be use to log in to continue to main.php. It is required that the user log in before he enters main.php. There are many sites that do this, actually nearly all of them. I i will type the address main.php, bypassing the index.php page, i will be redirected in another error friendly page saying i must log in first to continue to main.php.

    How cani do this? please help, anyone. I need this to graduate!!

  2. #2
    SitePoint Wizard
    Join Date
    Oct 2001
    Posts
    2,686
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi Lance. Welcome to Sitepointforums.

    The tutorial Managing Users with PHP Sessions and MySQL here at Sitepoint will give all the details you need. When you've build the system described in that tutorial all you need to password protect a page is adding this line:
    PHP Code:
    <?php include 'accesscontrol.php'?>
    If you have any further questions, don't hesitate to ask.

    -Helge

  3. #3
    SitePoint Addict
    Join Date
    Feb 2004
    Location
    belfast
    Posts
    386
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Simple format for this follows ...

    Main index page will contain 3 pages ....
    HTML Code:
          _______________________________________________
         |      Index with login
         |
         |
         | 
         |______________________________________________
         |       Index - Login Incorrect
         |
         |
         |
         |______________________________________________
         |      Main page (to display when a login was successful)
         | 
         |
         |
         |______________________________________________
    Login behind this is .....

    if (! submit_login_button) //begin main if

    {
    Display login page
    }

    else
    {
    Validate login details
    }

    if (! login_details = correct)

    {
    Display Index Page asking to re-input login details
    }

    else

    {
    Display Main page
    }

    } // close of main if

    hope this helps.

    Ronan

  4. #4
    SitePoint Addict Adam A Flynn's Avatar
    Join Date
    Jul 2004
    Location
    Canada
    Posts
    251
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You could use includes, or use die in the protected page.

    Die (string msg) kills page execution and prints msg. So if you have something like:
    if([user isn't logged in])
    { die ("Hacking Attempt. You need to login to proceed."); }

    I'd suggest reading up on sessions in the PHP manual, and using those.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •