controlling page access
Moderator: General Moderators
-
CrazyJimmy
- Forum Commoner
- Posts: 34
- Joined: Tue Nov 19, 2002 1:40 pm
controlling page access
Hi,
I have a script which validates users using a mysql database, when they are validated they are directed to control.php. this works fine, but how can I stop people just putting the url for control.php and accessing it directly?
Dave
I have a script which validates users using a mysql database, when they are validated they are directed to control.php. this works fine, but how can I stop people just putting the url for control.php and accessing it directly?
Dave
You need a 'gatekeeper' at the top of each script to verify (usually based on a session var) that they are authenticated.
The bigger problem is non-script content such as .xls files or such, you need to store them out of the htm root and then use a helper script that sends the headers and content to them after checking authentication.
The bigger problem is non-script content such as .xls files or such, you need to store them out of the htm root and then use a helper script that sends the headers and content to them after checking authentication.
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
If you are using PHP 4.1 or above then you should use something like:
instead of
Mac
Code: Select all
if (!empty($_SESSIONї'valid_user'])) {Code: Select all
if (session_is_registered("valid_user"))- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
Not quite, empty() checks whether a variable is set and whether it is equal to an empty string or 0, if the variable is not set or is equal to an empty string or zero then the function returns true. So you'd need to adjust the code above to something like:
Mac
Code: Select all
if (empty($_SESSIONї'valid_user'])) { //note no ! before empty() call
echo 'Sorry, but you are not signed in.';
} else {
//Main body goes here
}-
CrazyJimmy
- Forum Commoner
- Posts: 34
- Joined: Tue Nov 19, 2002 1:40 pm
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK