
redirect before 'restricted' page loads

Posted: Thu Nov 23, 2006 1:22 pm
by tarja311
Hi All.

I have a login system in place with some pages that 'normal' members should not have access to. I have tried to make it so only the admins have access to these specific pages. My existing code does work... but to a certain degree.

Code:

if($admin == 0)	
{
	echo '<meta http-equiv="Refresh" Content="0; URL = sorry.php">';
}


Basically it pulls the admin value out of the database. If the user is 0, the page will redirect to sorry.php, otherwise it will take them to the admin pages.

Unfortunately the code above is not as quick as it needs to be. Any user can stop the page from redirecting and have access to the admin page. I have tried to make a "page in the middle" so to speak, but if the user knows the url to the admin page, they can still stop the redirection and have full access & control.

Is there any way around this?

Thanks

-- tarja

Posted: Thu Nov 23, 2006 1:23 pm
by nickvd
Read up on the header() function...

Posted: Thu Nov 23, 2006 7:51 pm
by tarja311
Thanks for the reply.

I read up on header() but I don't know how to implement it into my current design, so I used this:

Code:

echo '<meta http-equiv="Refresh" Content="0; URL = sorry.php">';
exit;

Now the 'restricted zone' doesn't load up where the user can do anything with it... and seems to work.

Thanks for the help

-- tarja

Posted: Thu Nov 23, 2006 7:55 pm
by John Cartwright
A user can easily disable meta redirects. I would definitely recommend

Code:

header('Location: http://domain.com');
exit();

before anything is outputted to the browser or else you'll run into the infamous "Cannot send headers. Headers already sent".

Posted: Thu Nov 23, 2006 8:11 pm
by tarja311
I have tried:

Code:

header('Location: sorry.php');

but I guess it does not work that way. It wants a full URL, no?

EDIT:

Oops, sorry, it does work if I stick it on top of the page, but it does not work inside my if statement.

Code:

if(($admin == 0) || ($username == ""))	// if admin code is 0 or if no username is provided...
{

 	header('Location: sorry.php');
	exit();

}
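
Added example, not part of the thread or any poster's code: a page guard that combines the points raised above, deciding access on the server, sending the Location header before any output, and stopping the script so the restricted page is never rendered. The function names and the convention that an admin flag of 1 marks an admin are assumptions; the thread only says 0 is a normal member.

```php
<?php
declare(strict_types=1);

// Allow-list check: only a logged-in row whose admin flag is exactly 1 passes.
// (Assumption: 1 marks an admin; the thread only says 0 is a normal member.)
function is_admin(?array $user): bool
{
    return $user !== null
        && ($user['username'] ?? '') !== ''
        && (int) ($user['admin'] ?? 0) === 1;
}

// Call before any output. Non-admins never reach the code below the call.
function require_admin(?array $user, string $denyUrl = 'sorry.php'): void
{
    if (is_admin($user)) {
        return;
    }
    if (headers_sent($file, $line)) {
        // Something was already echoed, so a Location header cannot be sent.
        // Fail closed instead of letting the page render.
        error_log("require_admin: output already started at $file:$line");
        exit('Access denied.');
    }
    header('Location: ' . $denyUrl, true, 302);
    exit; // the redirect is only advice to the browser; stopping the script is the control
}

// Constructed sample rows; run from the command line to see the decisions.
if (PHP_SAPI === 'cli') {
    $rows = [
        'admin'      => ['username' => 'alice', 'admin' => '1'],
        'member'     => ['username' => 'bob',   'admin' => '0'],
        'no flag'    => ['username' => 'carol'],
        'not logged' => null,
    ];
    foreach ($rows as $label => $row) {
        echo str_pad($label, 12), is_admin($row) ? "allow\n" : "deny\n";
    }
}
```

On an admin page, require_admin() would be the first statement, before any HTML or whitespace, called with the user row loaded for the current session.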