Secure website

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Cucumberdude
Forum Newbie
Posts: 14
Joined: Sun Dec 12, 2010 11:53 pm

Secure website

Post by Cucumberdude »

This might belong in PHP - Security but oh well.

So basically, I'm trying to make a website with a login system. The system sets $_SESSION['login'] = 1 if the client logs in correctly. That works fine.

The problem is that the secure pages each contain a crapload of HTML code that I really don't want to have to cram into an echo (see below).

Code: Select all

if(!$_SESSION['login'])
{
REDIRECT
}
else
{
echo('HUNDREDS OF LINES OF HTML');
}
Currently, my site redirects people who aren't logged in (see below), but that's obviously not secure. It allows them to see the pages for a fraction of a second. Which is not okay.

Code: Select all

if(!$_SESSION['login'])
{
REDIRECT
}

<html>....
tl;dr; is there any way I can protect my web pages without having to echo their entire contents through PHP?
s992
Forum Contributor
Posts: 124
Joined: Wed Oct 27, 2010 3:06 pm

Re: Secure website

Post by s992 »

Code: Select all

<?php
if( ! $_SESSION['login']) {
    //redirect...
} else {
?>
<!---drop all your html here--->
<?php
} //closes the "else" clause 
?>
That doesn't work for you?
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: Secure website

Post by pickle »

Put a call to exit() or die() after your header redirect and you won't get flashes of HTML.

The PHP interpreter is responsible for generating all content when a PHP file is requested. So, if you put a header redirect at the top of your file, followed by exit(), that effectively sends the redirect header, and stops all other output.

Example:

Code: Select all

<?php
if(!isset($_SESSION['login']) || $_SESSION['login'] != 1)
{
  header("Location: http://www.yoursite.com");
  exit();
}
?>

<html>
put what you want here - it won't be seen if the if() condition above is satisfied
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Cucumberdude
Forum Newbie
Posts: 14
Joined: Sun Dec 12, 2010 11:53 pm

Re: Secure website

Post by Cucumberdude »

Oh wow.

I totally didn't know that you could close php tags and then resume code after they opened... Thanks so much!

<3
Post Reply