redirect before 'restricted' page loads

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
tarja311
Forum Commoner
Posts: 73
Joined: Fri Oct 20, 2006 10:57 pm

redirect before 'restricted' page loads

Post by tarja311 »

Hi All.

I have a login system in place with some pages that 'normal' members should not have access to. I have tried to make it so only the admins have access to these specific pages. My existing code does work... but to a certain degree.

Code: Select all

if($admin == 0)	
{
	echo '<meta http-equiv="Refresh" Content="0; URL = sorry.php">';
}


Basically it pulls the admin value out of the database. If the user is 0, the page will redirect to sorry.php, otherwise it will take them to the admin pages.

Unfortunately the code above is not as quick as it needs to be. Any user can stop the page from redirecting and have access to the admin page. I have tried to make a "page in the middle" so to speak, but if the user knows the url to the admin page, they can still stop the redirection and have full access & control.

Is there anyway around this?

Thanks

-- tarja
nickvd
DevNet Resident
Posts: 1027
Joined: Thu Mar 10, 2005 5:27 pm
Location: Southern Ontario
Contact:

Post by nickvd »

Read up on the header() function...
tarja311
Forum Commoner
Posts: 73
Joined: Fri Oct 20, 2006 10:57 pm

Post by tarja311 »

Thanks for the reply.

I read up on header() but i don't know how to implement it into my current design, so i used this :

Code: Select all

echo '<meta http-equiv="Refresh" Content="0; URL = sorry.php">';
exit;
Now the 'restricted zone' doesn't load up where the user can do anything with it... and seems to work.

Thanks for the help

-- tarja
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

A user can easily disable meta redirects. I would definantly recommend

Code: Select all

header('Location: http://domain.com');
exit();
before anything is outputted to the browser or else you'll run into the infamous "Cannot send headers. Headers already sent".
tarja311
Forum Commoner
Posts: 73
Joined: Fri Oct 20, 2006 10:57 pm

Post by tarja311 »

I have tried :

Code: Select all

header('Location: sorry.php');
but i guess it does not work that way. It wants a full url, no?

EDIT:

oops sorry it does work if i stick it on top of the page, but it does not work inside my if statement.

Code: Select all

if(($admin == 0) || ($username == ""))	// if admin code is 0 or if no username is provided...
{

 	header('Location: sorry.php');
	exit();

}
Post Reply