Need an extra set of eyes
Posted: Sat Feb 17, 2007 4:58 pm
I usually wouldn't bother with something so trivial, but because it's kind of the first and best firewall against attacks/hacks I figured I'd ask the community, in case I missed something.
Basically I check if user ID is zero (not authenticated) and redirect to a login script...

Code:
$path = dirname($_SERVER['PHP_SELF']); // Drop currently requested file name with any $_GET parameters
$redirect_url = str_replace('//', '/', $_SERVER['HTTP_HOST'].'/'.$path.'/login.php');
header("location: http://$redirect_url");
exit;

Safe?
This is called inside an index.php which is in the same directory as login.php, so my next question (equally important):
Does the above make sure that, regardless of where in a directory structure, the login.php is actually invoked?
What I mean is, assume I had it installed like:

Code:
www.domain.com/test/apps/index.php

Would it redirect to:

Code:
www.domain.com/test/apps/login.php

Or would it redirect to another sub-directory and thus result in 404 because login.php wasn't in that directory?
Thanks for any input
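
An added example, not part of the original post: one way to build the same redirect so that it always targets the login.php next to the running script and never echoes an unexpected Host header back to the client. `ALLOWED_HOSTS` and `login_redirect_url()` are hypothetical names, and the sample requests are constructed around the www.domain.com/test/apps layout from the post.

```php
<?php
// Added example, not the poster's code. ALLOWED_HOSTS and login_redirect_url()
// are hypothetical names; www.domain.com is the host used in the post.
// Entries are exact Host values (add "host:port" forms if a port is in use).
const ALLOWED_HOSTS = ['www.domain.com'];

// Build the absolute URL of login.php in the directory of the running script.
function login_redirect_url(array $server): string
{
    // HTTP_HOST is copied from the client's Host header, so accept only
    // expected values and otherwise fall back to the configured host.
    $host = strtolower($server['HTTP_HOST'] ?? '');
    if (!in_array($host, ALLOWED_HOSTS, true)) {
        $host = ALLOWED_HOSTS[0];
    }

    // SCRIPT_NAME is the path of the script itself. PHP_SELF additionally
    // carries trailing path info (/index.php/a/b), which would make
    // dirname() point at a directory that does not exist.
    $dir = str_replace('\\', '/', dirname($server['SCRIPT_NAME'] ?? '/'));
    if ($dir === '/' || $dir === '.') {
        $dir = ''; // script sits in the document root
    }

    // Scheme is fixed to http, as in the post.
    return 'http://' . $host . $dir . '/login.php';
}

// Constructed requests: the layout from the post, the same script reached
// with trailing path info, and a request carrying an unexpected Host header.
$samples = [
    ['HTTP_HOST' => 'www.domain.com', 'SCRIPT_NAME' => '/test/apps/index.php',
     'PHP_SELF' => '/test/apps/index.php'],
    ['HTTP_HOST' => 'www.domain.com', 'SCRIPT_NAME' => '/test/apps/index.php',
     'PHP_SELF' => '/test/apps/index.php/a/b'],
    ['HTTP_HOST' => 'other.example', 'SCRIPT_NAME' => '/index.php',
     'PHP_SELF' => '/index.php'],
];
foreach ($samples as $s) {
    echo login_redirect_url($s), "\n";
}

// In index.php, when the user ID is zero:
//   header('Location: ' . login_redirect_url($_SERVER));
//   exit;
```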