my page security script doesnt work!!!!!!!!!!!

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
cap2cap10
Forum Contributor
Posts: 158
Joined: Mon Apr 14, 2008 11:06 pm

my page security script doesnt work!!!!!!!!!!!

Post by cap2cap10 »

Hello again, php technorati. I have yet another issue for you to contemplate on.
I have a simple security script that I cant get to work. Here is the code:

Code: Select all

<?php
$pageID= $_GET['pageID'];
 
if($pageID == ' ') {
  header("Location: join.php");
}
 
echo $pageID
?>
If the pageID is empty, I want the user to be transfered to the join.php page.
What is wrong with my code? :banghead:

As always, Thanks in advance

Batoe

The path ahead has many obstacles and tribulations, but also success! The unknown Optimist
jmetzen
Forum Newbie
Posts: 5
Joined: Sat Feb 13, 2010 1:16 pm

Re: my page security script doesnt work!!!!!!!!!!!

Post by jmetzen »

Hey there,

The best way to "secure" your site probably depends on what you're trying to do exactly. When you mention a security script, I'm not sure whether or not you really need some kind of session system, etc.

Looking at your code, I would accomplish the redirect using something like this:

Code: Select all

 
<?php
if(!isset($_GET["pageID"]) || strlen(trim($_GET["pageID"])) == 0)
{
  // Redirect, possibly exit the script as well...
}
 
// You could also assign to another variable in an else block or something similar if you want to use something like $pageID.
echo $_GET["pageID"];
?>
 

Hope that helps at least a little.
User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: my page security script doesnt work!!!!!!!!!!!

Post by califdon »

cap2cap10 wrote:Hello again, php technorati. I have yet another issue for you to contemplate on.
I have a simple security script that I cant get to work. Here is the code:

Code: Select all

<?php
$pageID= $_GET['pageID'];
 
if($pageID == ' ') {
  header("Location: join.php");
}
 
echo $pageID
?>
If the pageID is empty, I want the user to be transfered to the join.php page.
What is wrong with my code? :banghead:
I wouldn't call that a security script, it doesn't make your site secure. But as to why it isn't redirecting the user, it would do that only if your expression
$pageID==''
evaluates to True and if absolutely nothing had yet been sent to the browser (that's the way the header() function works). In case there's no URL query string at all, $pageID won't equal '', it will be undefined. What you should be testing for is:
if(empty($pageID)) {
User avatar
cap2cap10
Forum Contributor
Posts: 158
Joined: Mon Apr 14, 2008 11:06 pm

Re: my page security script doesnt work!!!!!!!!!!!

Post by cap2cap10 »

you are right. I realized that pageId is actually a random # generated, so if the user wanted to go back to that page, all they would have to do is change some of the numbers in the pageID to reuse the page. Does anyone have a way of securing pageID using this get method in the url that will ultimately secure the page from being used twice. Without sessions if possible.

Thanks again

Batoe

I only knew one man who found peace in marriage, He is currently six feet under!
jmetzen
Forum Newbie
Posts: 5
Joined: Sat Feb 13, 2010 1:16 pm

Re: my page security script doesnt work!!!!!!!!!!!

Post by jmetzen »

I think this highly depends on exactly what you're trying to do. If you're trying to keep certain parts of your website private or something like that, I would highly recommend some kind of authentication system.

If you just want to make sure that a pageID (or a page? I'm not sure how you're application works, if each page has a single unique ID, etc.) hasn't been used twice, you could store the pageIDs that have been used somewhere (a database for instance), and check them to make sure someone isn't reusing them.

Again, it depends on what you're trying to accomplish.
Post Reply