Login Redirect

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
seeker2921
Forum Contributor
Posts: 120
Joined: Sat Mar 22, 2003 7:10 pm
Location: Wiesbaden Germany
Contact:

Login Redirect

Post by seeker2921 »

Hello,

I have a login script that when someone logs in it directs them to there folder.. I want a script to add into the index.php file of the users folder so that if they just type in the url with the folder name it ownt just bypass the login script.. so I need it to force the user to log in.. heres the log in code I use..

login.php

Code: Select all

<?php 
# I suggest using && instead of AND.  Different interpretations/precedence and all that 
if(($PHP_AUTH_USER == "usr1") && ($PHP_AUTH_PW == "test")) 
{ 
header("Location: /usr1/"); 
} 
# you forgot to use elseif for the second statement. 
elseif(($PHP_AUTH_USER == "us2") && ($PHP_AUTH_PW == "test")) 
{ 
header("Location: /usr2/"); 
} 
else 
{ 
header("WWW-Authenticate: Basic realm="Subdomain""); 
header("HTTP/1.0 401 Unauthorized");
print("This page is PROTECTED by HTTP Authentication.<br>"); 
print("DO NOT TRY TO ACCESS THIS SITE IF YOU ARE NOT AUTHORIZED!"); 
} 
?>
Thanx for your help..
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

If the folder is .htaccess protected (deny from all), any files within it can't be called directly so you don't need any bad access scripts. You'd need to

include('usr1/index.php')

rather than header().

I wonder if it's good to mention to possible hackers that you're using apache authentication rather than php or whatever - gives them some info on what to target. Not a big deal (afaik http auth is pretty secure) just a general principle.

Try: "this site is protected by big, lumpy men with baseball bats" instead.
User avatar
Bill H
DevNet Resident
Posts: 1136
Joined: Sat Jun 01, 2002 10:16 am
Location: San Diego CA
Contact:

Post by Bill H »

I use sessions to do that. At the top of each page other than the login:

Code: Select all

<?php
if ($_SESSION['logged'] != "password")
{     header("Location:login.php");
      exit;
}
?>
and in the login page:

Code: Select all

<?php
     if (!strcmp($Password, $Row[User]))
     {    $_SESSION['logged'] = "password";
          header("Location:mainmenu.php");
          exit;
     }
?>
seeker2921
Forum Contributor
Posts: 120
Joined: Sat Mar 22, 2003 7:10 pm
Location: Wiesbaden Germany
Contact:

Post by seeker2921 »

I dont have mainmenu.php.. what page should be listed in that instead of mainmenu.php?
User avatar
Bill H
DevNet Resident
Posts: 1136
Joined: Sat Jun 01, 2002 10:16 am
Location: San Diego CA
Contact:

Post by Bill H »

Whatever the main page is, or whatever page you want them directed to when they log in.
Post Reply