  1. #1
    SitePoint Member
    Join Date
    Jul 2009
    Posts
    8

    How to jump to secured page?

    Super easy question from a n00b:

    If user enters a password in a form, I want to go to a page that is not otherwise reachable.

    Making the form and the page and getting the password and jumping to the page are all doable.

    What I want to know is, how do I make a page you can't get to any other way? I could jump to foo.html but if someone is smart enough to point the ol' browser at http://mydomain.com/foo.html then the proverbial jig is up.

    Thanks

    Fish

  2. #2
    Non-Member thewebhostingdir's Avatar
    Join Date
    Oct 2005
    Posts
    703
    You can include a file that checks the posted data (e.g. submit.php). If no posted data is available, you can simply tag that HTTP request as "404 Not Found" and redirect the visitor to a 404 page.

    If the form is posted to submit.php then there will be some posted data available in submit.php; in that case you can do the necessary operation.

  3. #3
    SitePoint Guru
    Join Date
    Jan 2005
    Location
    heaven
    Posts
    953
    Originally posted by thewebhostingdir:
    "You can include a file that checks the posted data (e.g. submit.php). If no posted data is available, you can simply tag that HTTP request as "404 Not Found" and redirect the visitor to a 404 page.

    If the form is posted to submit.php then there will be some posted data available in submit.php; in that case you can do the necessary operation."

    Do not do that. That's a very bad idea and easily subverted.

    There are plenty of tutorials out there on authentication in PHP. Google it. Or check out SitePoint's PHP articles.
    Creativity knows no other restraint than the
    confines of a small mind.
    - Me
    Geekly Humor
    Oh baby! Check out the design patterns on that framework!

  4. #4
    SitePoint Addict
    Join Date
    Dec 2007
    Posts
    348
    The way I do things is that every request on the application corresponds to an action, so a page view would be an action. (That doesn't mean I have a separate action method for each page, of course.)

    Each action/method has an access level associated with it, which the application controller checks on each request. If the requesting user (checked by $_SESSION or however else you want) has an appropriate access level then the page is served (or the action is otherwise performed); otherwise they get a 403 header.

    So your control would somehow have to know that foo.html is a secure page and the user must be authenticated to view it. If you are using plain HTML files on your server then configure Apache so that these can't be loaded directly (force everything through a gateway file) or store them in a secure directory or whatever else - if you're storing in a database then each page record in the database can have an 'access' column which the application checks once the page is requested.
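
The gateway approach described in post #4, sketched as an added example that is not part of the original thread or any poster's code. The file name gateway.php, the PAGE_DIR location, the PAGES table and the PAGE_PASSWORD_HASH environment variable are assumptions made for illustration.

```php
<?php
// gateway.php: added example. Protected pages are requested as gateway.php?page=foo
declare(strict_types=1);
session_start();
// Assumption: protected files sit outside the web root, so no URL maps to them directly.
const PAGE_DIR = __DIR__ . '/../protected_pages';
// Hypothetical page table: page name => [file, minimum access level].
const PAGES = [
    'home' => ['home.html', 0], // public
    'foo'  => ['foo.html', 1],  // needs a logged-in user
];

// Access level of the current visitor; 0 means not authenticated.
function currentLevel(): int
{
    return (int) ($_SESSION['access_level'] ?? 0);
}

// Check the submitted password against a stored password_hash() value.
function login(string $password, string $storedHash): bool
{
    if ($storedHash === '' || !password_verify($password, $storedHash)) {
        return false;
    }
    session_regenerate_id(true); // fresh session id once privileges change
    $_SESSION['access_level'] = 1;
    return true;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['password'])) {
    // Assumption: the hash comes from the environment; the plain password is never stored.
    $hash = (string) getenv('PAGE_PASSWORD_HASH');
    if (!login((string) $_POST['password'], $hash)) {
        http_response_code(403);
        exit('Wrong password');
    }
}

// The page name is only a lookup key, so it can never become a file path.
$page = (string) ($_GET['page'] ?? 'home');
if (!array_key_exists($page, PAGES)) {
    http_response_code(404);
    exit('Not found');
}
[$file, $level] = PAGES[$page];
if (currentLevel() < $level) {
    http_response_code(403); // checked on every request, however the URL was reached
    exit('Forbidden');
}
readfile(PAGE_DIR . '/' . $file);
```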

  5. #5
    SitePoint Member
    Join Date
    Jul 2009
    Posts
    8
    I must say I am surprised at the variety of answers ... I assumed there was a one size fits all stock PHP idiom for this ....

    Riley

  6. #6
    SitePoint Enthusiast
    Join Date
    Nov 2006
    Location
    Sydney, Australia
    Posts
    31
    Originally posted by SuperFish:
    "I must say I am surprised at the variety of answers ... I assumed there was a one size fits all stock PHP idiom for this ....

    Riley"

    Not quite.

    It really depends on how you are building your application and the employed design principles.

