Page 1 of 1
my page security script doesnt work!!!!!!!!!!!
Posted: Sat Feb 13, 2010 3:33 pm
by cap2cap10
Hello again, php technorati. I have yet another issue for you to contemplate on.
I have a simple security script that I cant get to work. Here is the code:
Code: Select all
<?php
$pageID= $_GET['pageID'];
if($pageID == ' ') {
header("Location: join.php");
}
echo $pageID
?>
If the pageID is empty, I want the user to be transfered to the join.php page.
What is wrong with my code?
As always, Thanks in advance
Batoe
The path ahead has many obstacles and tribulations, but also success! The unknown Optimist
Re: my page security script doesnt work!!!!!!!!!!!
Posted: Sat Feb 13, 2010 4:27 pm
by jmetzen
Hey there,
The best way to "secure" your site probably depends on what you're trying to do exactly. When you mention a security script, I'm not sure whether or not you really need some kind of session system, etc.
Looking at your code, I would accomplish the redirect using something like this:
Code: Select all
<?php
if(!isset($_GET["pageID"]) || strlen(trim($_GET["pageID"])) == 0)
{
// Redirect, possibly exit the script as well...
}
// You could also assign to another variable in an else block or something similar if you want to use something like $pageID.
echo $_GET["pageID"];
?>
Hope that helps at least a little.
Re: my page security script doesnt work!!!!!!!!!!!
Posted: Sat Feb 13, 2010 7:55 pm
by califdon
cap2cap10 wrote:Hello again, php technorati. I have yet another issue for you to contemplate on.
I have a simple security script that I cant get to work. Here is the code:
Code: Select all
<?php
$pageID= $_GET['pageID'];
if($pageID == ' ') {
header("Location: join.php");
}
echo $pageID
?>
If the pageID is empty, I want the user to be transfered to the join.php page.
What is wrong with my code?
I wouldn't call that a security script, it doesn't make your site secure. But as to why it isn't redirecting the user, it would do that only if your expression
$pageID==''
evaluates to True and if absolutely nothing had yet been sent to the browser (that's the way the header() function works). In case there's no URL query string at all, $pageID won't equal '', it will be undefined. What you should be testing for is:
if(empty($pageID)) {
Re: my page security script doesnt work!!!!!!!!!!!
Posted: Sat Feb 13, 2010 9:16 pm
by cap2cap10
you are right. I realized that pageId is actually a random # generated, so if the user wanted to go back to that page, all they would have to do is change some of the numbers in the pageID to reuse the page. Does anyone have a way of securing pageID using this get method in the url that will ultimately secure the page from being used twice. Without sessions if possible.
Thanks again
Batoe
I only knew one man who found peace in marriage, He is currently six feet under!
Re: my page security script doesnt work!!!!!!!!!!!
Posted: Sat Feb 13, 2010 9:48 pm
by jmetzen
I think this highly depends on exactly what you're trying to do. If you're trying to keep certain parts of your website private or something like that, I would highly recommend some kind of authentication system.
If you just want to make sure that a pageID (or a page? I'm not sure how you're application works, if each page has a single unique ID, etc.) hasn't been used twice, you could store the pageIDs that have been used somewhere (a database for instance), and check them to make sure someone isn't reusing them.
Again, it depends on what you're trying to accomplish.