Page 1 of 1
redirecting pages
Posted: Sat Oct 11, 2003 4:22 pm
by gavinbsocom
Code: Select all
<?php
<?
if ($_POST["name"] == "gavin" && $_POST["pass"] == "socom") {
header('Location: login.php');
} else {
header('Location: nologin.php');
}
?>
?>
ok that passes a form, for a single password, but what would i have to write so that you cant just type the url...
http://www.bniclan.com/login.php...so it wont go to that unless you enter the information. Like if enter that in the adress bar, it just goes, i wont it to not go ,, any one understand?
Posted: Sat Oct 11, 2003 5:04 pm
by Gen-ik
Just bouncing variables around with _POST and _GET isn't very secure and can be easily 'hacked'. The best thing to do is learn how to use SESSIONS, that way the variables you use remain invisible to the user.
Posted: Sat Oct 11, 2003 5:09 pm
by JAM
Just adding another approach, as sessions is good for this...
Using include() and placing the file out of the public_html files.
Code: Select all
if ($_POST["name"] == "gavin" && $_POST["pass"] == "socom") {
include('not/in/public_html/tree/login.php');
} else {
header('Location: nologin.php');
}
Placing the file in a place where the user cant access it, but PHP can, is one solution.
Posted: Sat Oct 11, 2003 5:22 pm
by gavinbsocom
ok so where do i put that file? outside of the html folder? or in it? im not understanding, should i put it in the database folder?
Posted: Sat Oct 11, 2003 5:27 pm
by Stoneguard
Create a directory specifically for non-accessible php scripts. It's a very nice ability of php to be able to include these.
For instance under windows, I might would have it on c:\scripts\
Posted: Sun Oct 12, 2003 12:48 am
by gavinbsocom
Ok stone guard, im a newbie, and i have no feaking idea what your saying.....I have my main file ( default.php) which has a form in it. Now should that form to the page i wont to be passworded, or should i send it to a page like (enter.php) and then put
<?php
if ($_POST["name"] == "bni" && $_POST["pass"] == "socom") {
header('Location: script/ladders.php');
} else {
header('Location: error.php');
}
?>
or should i put that^^^^^^^, on the page i wont passworded. I'm not understanding this make a folder and store it here? this is really confusing....thakns for all the help so far...
Posted: Sun Oct 12, 2003 1:38 pm
by m3rajk
a fw things...
one: your url:
The page cannot be found
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
--------------------------------------------------------------------------------
Please try the following:
If you typed the page address in the Address bar, make sure that it is spelled correctly.
Open the
http://www.bniclan.com home page, and then look for links to the information you want.
Click the Back button to try another link.
HTTP 404 - File not found
Internet Information Services
--------------------------------------------------------------------------------
Technical Information (for support personnel)
More information:
Microsoft Support
next time it might help to get ti right, some people just try to speed through since there's so uch, your link not working might cut back.
http://www.bniclan.com/login.php gets
CGI Error
The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are:
two: php and code tags. all bb code is good. especially those two. when posting php, always post it in php tags. it makes your code MUCH easier to read: example:
Code: Select all
<?php
if ($_POST["name"] == "bni" && $_POST["pass"] == "socom") {
header('Location: script/ladders.php');
} else {
header('Location: error.php');
}
?>
ok. moving on to trying to help....
outside the web folder menas.. ok. i'll use a posix environment to example this:
your web space: /home/YourUserName/WWW/
outside your webspace is anything NOT in the above mentioned folder
you then include a file /home/YourUseName/protected/file.php
if you have the luxury of a database, you should make it so that all password protected pages require that a database connection be established and that the usename/pw combo be valid for viewing that page.
now. if you have any trouble undertanding anything i said, take a deep breath, apologize to stone for the polite form of the explitive you said to him.
realize you're doing stuff on the web, and that not knowing things needed to set up a website is a reason to explain thatyou don't host on your own and don't understand and need more help. not to get made and say you have no freaking idea. having no freaking idea is why you're here. but being rude will get you ignored. i SHOULD be ignoring you like i knowothers WILL do for that. but i'm being extra nice today. do yourself a favor, read, and make sure to understand, every last word on this link:
http://www.catb.org/~esr/faqs/smart-questions.html
Posted: Sun Oct 12, 2003 8:50 pm
by gavinbsocom
IM sorry stonegaurd, my bad, and thankyou m3rajk for helping and giving me that piece of advice.
Posted: Sun Oct 12, 2003 8:53 pm
by Cruzado_Mainfrm

if you do not know what the freakin' thing is that, you better look in the web for an answer to that, instead of knocking your head with the wall.
In that page, in how to ask questions the smart way says to ask a skilled friend, and IMHO i'd rather look for the answer myself, struggle at least an hour or more, and maybe then ask in a forum...