Secure website

Posted: Thu Jan 06, 2011 3:46 pm
by Cucumberdude
This might belong in PHP - Security but oh well.

So basically, I'm trying to make a website with a login system. The system sets $_SESSION['login'] = 1 if the client logs in correctly. That works fine.

The problem is that the secure pages each contain a crapload of HTML code that I really don't want to have to cram into an echo (see below).

Code:

if(!$_SESSION['login'])
{
REDIRECT
}
else
{
echo('HUNDREDS OF LINES OF HTML');
}

Currently, my site redirects people who aren't logged in (see below), but that's obviously not secure. It allows them to see the pages for a fraction of a second. Which is not okay.

Code:

if(!$_SESSION['login'])
{
REDIRECT
}

<html>....

tl;dr; is there any way I can protect my web pages without having to echo their entire contents through PHP?

Re: Secure website

Posted: Thu Jan 06, 2011 3:55 pm
by s992

Code:

<?php
if( ! $_SESSION['login']) {
    //redirect...
} else {
?>
<!---drop all your html here--->
<?php
} //closes the "else" clause 
?>

That doesn't work for you?

Re: Secure website

Posted: Thu Jan 06, 2011 3:57 pm
by pickle
Put a call to exit() or die() after your header redirect and you won't get flashes of HTML.

The PHP interpreter is responsible for generating all content when a PHP file is requested. So, if you put a header redirect at the top of your file, followed by exit(), that effectively sends the redirect header, and stops all other output.

Example:

Code:

<?php
if(!isset($_SESSION['login']) || $_SESSION['login'] != 1)
{
  header("Location: http://www.yoursite.com");
  exit();
}
?>

<html>
put what you want here - it won't be seen if the if() condition above is satisfied
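
Added example (not part of the original thread or any poster's code): a small Python check that parses a raw HTTP response and reports whether a redirect still carries page content, which is what happens when header() is not followed by exit(). The two sample responses and the function names are constructed for illustration.

```python
# Added example: the sample responses below are constructed, not captured traffic.

def split_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def audit_redirect(raw: bytes) -> dict:
    """Report whether a redirect response still carries page content."""
    status, headers, body = split_response(raw)
    is_redirect = 300 <= status < 400 and "location" in headers
    # Any non-whitespace body on a redirect is content the client received,
    # whether or not a browser ever renders it.
    leaked = len(body.strip()) if is_redirect else 0
    return {
        "status": status,
        "location": headers.get("location"),
        "leaked_bytes": leaked,
        "vulnerable": leaked > 0,
    }


# Constructed: what a protected page sends when header() is NOT followed by exit().
WITHOUT_EXIT = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: http://www.yoursite.com\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html><body>members-only content</body></html>"
)

# Constructed: the same page once exit() follows the header() call.
WITH_EXIT = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: http://www.yoursite.com\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for name, raw in (("without exit()", WITHOUT_EXIT), ("with exit()", WITH_EXIT)):
        print(name, audit_redirect(raw))
```

To run the same check against a real page, request it while logged out with redirect following disabled and pass the raw response to audit_redirect().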

Re: Secure website

Posted: Thu Jan 06, 2011 3:57 pm
by Cucumberdude
Oh wow.

I totally didn't know that you could close php tags and then resume code after they opened... Thanks so much!

<3