  1. #1
    SitePoint Addict
    Join Date
    Feb 2006
    Posts
    299

    HELP ME::Avoiding user having access to the protected pages without login

    Hello Everyone,

    I have two (2) sections where the users are supposed to log in in order to access the files.
    Now before that, the user can fill in the application and then submit it. When filling in the application, he/she logs in by entering a number and password, then fills in the application.

    There are scripts or pages (sections) that are protected using the script below. Please note these members come from different departments, but use the same scripts.

    NOW MY PROBLEM: sometimes users who have just been entering or filling in the applications are able to access the protected sections without logging in.

    Please help: how can I avoid this?


    PHP Code:
    <?php
    session_start();

    // No 'auth' flag in the session: print a notice and schedule a client-side
    // redirect to the login page. Execution continues past this block.
    if (!isset($_SESSION['auth'])) {
        echo "Sorry you have to login first, you will be redirected to the login page in a short while";
        echo "<br>";
        echo("<meta http-equiv=\"Refresh\" content=\"2; URL=http://localhost/huuk/recommenderfinal/Main_Login_Recommender.php\">");
    }

    // Only the listed divisions may continue; any other value prints a message and stops the script.
    if (($_SESSION['DivisionId'] != "Fin") and ($_SESSION['DivisionId'] != "Corporate") and ($_SESSION['DivisionId'] != "Direct") and ($_SESSION['DivisionId'] != "ASSETS") and ($_SESSION['DivisionId'] != "Transport") and ($_SESSION['DivisionId'] != "Housing")) {
        echo "<br>";
        echo "Your are not authorised to access this area -You do not have enough privelages to access this area-<a href='Main_Login_Recommender.php'>LOGIN</a>";
        exit();
    }
    ?>

  2. #2
    SitePoint Wizard silver trophy
    Join Date
    Mar 2006
    Posts
    6,132
    Don't set those session variables if they are not logged in.

    You also might want to call exit; if $_SESSION['auth'] is not set.

  3. #3
    SitePoint Addict
    Join Date
    Jun 2005
    Posts
    260
    How about just putting a check function at the top of whatever page(s) you're trying to protect? It only kicks into action if the person is not authenticated:

    PHP Code:
    // Assumes session_start() has already been called on the page.
    function authenticate()
    {
        if (empty($_SESSION['auth'])) {
            header('Location: http://www.example.com/LOGIN_PAGE/');
            exit;
        }
    }


  4. #4
    SitePoint Enthusiast
    Join Date
    Aug 2006
    Posts
    42
    It's better to check if the session is empty than if it is set.
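
Added example (not code posted by anyone in this thread): one way to combine the replies above into a single guard for protected pages, with the access decision kept in a pure function so it can be checked against constructed sessions. The session keys `member_auth` and `member_division`, the function names and the relative login path are assumptions; the division list is the one from the first post.

```php
<?php
// Added example, not code from the thread. Assumed names: is_authorised(),
// require_member(), complete_member_login(), 'member_auth', 'member_division'.

const LOGIN_URL = '/Main_Login_Recommender.php'; // assumed relative path
const ALLOWED_DIVISIONS = ['Fin', 'Corporate', 'Direct', 'ASSETS', 'Transport', 'Housing'];

/** Pure decision: may a session with these values see a protected page? */
function is_authorised(array $session): bool
{
    // Strict comparison: only a flag set to true by the member login counts.
    if (($session['member_auth'] ?? false) !== true) {
        return false;
    }
    // Allowlist check; a missing or unexpected division fails closed.
    return in_array($session['member_division'] ?? null, ALLOWED_DIVISIONS, true);
}

/** Call at the top of every protected page, before any output is sent. */
function require_member(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!is_authorised($_SESSION)) {
        header('Location: ' . LOGIN_URL, true, 302);
        exit; // stop here so nothing below the guard runs or is sent
    }
}

/** Call only after the member's number and password have been verified. */
function complete_member_login(string $division): void
{
    session_regenerate_id(true); // issue a fresh session id at login
    $_SESSION['member_auth'] = true;
    $_SESSION['member_division'] = $division;
}

// Constructed sessions: run this file directly with the PHP CLI to see each decision.
if (PHP_SAPI === 'cli' && realpath($argv[0] ?? '') === __FILE__) {
    $cases = [
        'other keys only' => ['auth' => 1, 'DivisionId' => 'Fin'],
        'member, Fin'     => ['member_auth' => true, 'member_division' => 'Fin'],
        'member, other'   => ['member_auth' => true, 'member_division' => 'Sales'],
    ];
    foreach ($cases as $label => $session) {
        printf("%-16s %s\n", $label, is_authorised($session) ? 'allow' : 'deny');
    }
}
```

Because the guard reads keys that only `complete_member_login()` writes, session values set by any other form on the site do not satisfy it.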

