redirecting pages

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
gavinbsocom
Forum Commoner
Posts: 71
Joined: Tue Sep 30, 2003 9:51 pm

redirecting pages

Post by gavinbsocom »

Code: Select all

<?php
<? 

if ($_POST["name"] == "gavin" && $_POST["pass"] == "socom") { 
   header('Location: login.php'); 
} else { 
   header('Location: nologin.php'); 
} 

?> 

?>
ok that passes a form, for a single password, but what would i have to write so that you cant just type the url... http://www.bniclan.com/login.php...so it wont go to that unless you enter the information. Like if enter that in the adress bar, it just goes, i wont it to not go ,, any one understand?
Gen-ik
DevNet Resident
Posts: 1059
Joined: Mon Aug 12, 2002 7:08 pm
Location: London. UK.

Post by Gen-ik »

Just bouncing variables around with _POST and _GET isn't very secure and can be easily 'hacked'. The best thing to do is learn how to use SESSIONS, that way the variables you use remain invisible to the user.
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Post by JAM »

Just adding another approach, as sessions is good for this...
Using include() and placing the file out of the public_html files.

Code: Select all

if ($_POST["name"] == "gavin" && $_POST["pass"] == "socom") {
    include('not/in/public_html/tree/login.php');
} else {
   header('Location: nologin.php');
}
Placing the file in a place where the user cant access it, but PHP can, is one solution.
gavinbsocom
Forum Commoner
Posts: 71
Joined: Tue Sep 30, 2003 9:51 pm

Post by gavinbsocom »

ok so where do i put that file? outside of the html folder? or in it? im not understanding, should i put it in the database folder?
Stoneguard
Forum Contributor
Posts: 101
Joined: Wed Aug 13, 2003 9:02 pm
Location: USA

Post by Stoneguard »

Create a directory specifically for non-accessible php scripts. It's a very nice ability of php to be able to include these.

For instance under windows, I might would have it on c:\scripts\
gavinbsocom
Forum Commoner
Posts: 71
Joined: Tue Sep 30, 2003 9:51 pm

Post by gavinbsocom »

Ok stone guard, im a newbie, and i have no feaking idea what your saying.....I have my main file ( default.php) which has a form in it. Now should that form to the page i wont to be passworded, or should i send it to a page like (enter.php) and then put

<?php

if ($_POST["name"] == "bni" && $_POST["pass"] == "socom") {
header('Location: script/ladders.php');
} else {
header('Location: error.php');
}

?>

or should i put that^^^^^^^, on the page i wont passworded. I'm not understanding this make a folder and store it here? this is really confusing....thakns for all the help so far...
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

a fw things...

one: your url:
The page cannot be found
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.

--------------------------------------------------------------------------------

Please try the following:

If you typed the page address in the Address bar, make sure that it is spelled correctly.

Open the http://www.bniclan.com home page, and then look for links to the information you want.
Click the Back button to try another link.
HTTP 404 - File not found
Internet Information Services


--------------------------------------------------------------------------------

Technical Information (for support personnel)

More information:
Microsoft Support
next time it might help to get ti right, some people just try to speed through since there's so uch, your link not working might cut back. http://www.bniclan.com/login.php gets
CGI Error
The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are:
two: php and code tags. all bb code is good. especially those two. when posting php, always post it in php tags. it makes your code MUCH easier to read: example:

Code: Select all

<?php

if ($_POST["name"] == "bni" && $_POST["pass"] == "socom") { 
   header('Location: script/ladders.php'); 
} else { 
   header('Location: error.php'); 
} 

?>

ok. moving on to trying to help....

outside the web folder menas.. ok. i'll use a posix environment to example this:

your web space: /home/YourUserName/WWW/
outside your webspace is anything NOT in the above mentioned folder
you then include a file /home/YourUseName/protected/file.php


if you have the luxury of a database, you should make it so that all password protected pages require that a database connection be established and that the usename/pw combo be valid for viewing that page.


now. if you have any trouble undertanding anything i said, take a deep breath, apologize to stone for the polite form of the explitive you said to him.

realize you're doing stuff on the web, and that not knowing things needed to set up a website is a reason to explain thatyou don't host on your own and don't understand and need more help. not to get made and say you have no freaking idea. having no freaking idea is why you're here. but being rude will get you ignored. i SHOULD be ignoring you like i knowothers WILL do for that. but i'm being extra nice today. do yourself a favor, read, and make sure to understand, every last word on this link: http://www.catb.org/~esr/faqs/smart-questions.html
gavinbsocom
Forum Commoner
Posts: 71
Joined: Tue Sep 30, 2003 9:51 pm

Post by gavinbsocom »

IM sorry stonegaurd, my bad, and thankyou m3rajk for helping and giving me that piece of advice.
Cruzado_Mainfrm
Forum Contributor
Posts: 346
Joined: Sun Jun 15, 2003 11:22 pm
Location: Miami, FL

Post by Cruzado_Mainfrm »

:D if you do not know what the freakin' thing is that, you better look in the web for an answer to that, instead of knocking your head with the wall.
In that page, in how to ask questions the smart way says to ask a skilled friend, and IMHO i'd rather look for the answer myself, struggle at least an hour or more, and maybe then ask in a forum...
Post Reply