Page 1 of 1

Login Redirect

Posted: Sun Mar 30, 2003 6:34 pm
by seeker2921
Hello,

I have a login script that when someone logs in it directs them to there folder.. I want a script to add into the index.php file of the users folder so that if they just type in the url with the folder name it ownt just bypass the login script.. so I need it to force the user to log in.. heres the log in code I use..

login.php

Code: Select all

<?php 
# I suggest using && instead of AND.  Different interpretations/precedence and all that 
if(($PHP_AUTH_USER == "usr1") && ($PHP_AUTH_PW == "test")) 
{ 
header("Location: /usr1/"); 
} 
# you forgot to use elseif for the second statement. 
elseif(($PHP_AUTH_USER == "us2") && ($PHP_AUTH_PW == "test")) 
{ 
header("Location: /usr2/"); 
} 
else 
{ 
header("WWW-Authenticate: Basic realm="Subdomain""); 
header("HTTP/1.0 401 Unauthorized");
print("This page is PROTECTED by HTTP Authentication.<br>"); 
print("DO NOT TRY TO ACCESS THIS SITE IF YOU ARE NOT AUTHORIZED!"); 
} 
?>
Thanx for your help..

Posted: Sun Mar 30, 2003 6:50 pm
by McGruff
If the folder is .htaccess protected (deny from all), any files within it can't be called directly so you don't need any bad access scripts. You'd need to

include('usr1/index.php')

rather than header().

I wonder if it's good to mention to possible hackers that you're using apache authentication rather than php or whatever - gives them some info on what to target. Not a big deal (afaik http auth is pretty secure) just a general principle.

Try: "this site is protected by big, lumpy men with baseball bats" instead.

Posted: Sun Mar 30, 2003 7:30 pm
by Bill H
I use sessions to do that. At the top of each page other than the login:

Code: Select all

<?php
if ($_SESSION['logged'] != "password")
{     header("Location:login.php");
      exit;
}
?>
and in the login page:

Code: Select all

<?php
     if (!strcmp($Password, $Row[User]))
     {    $_SESSION['logged'] = "password";
          header("Location:mainmenu.php");
          exit;
     }
?>

Posted: Sun Mar 30, 2003 7:44 pm
by seeker2921
I dont have mainmenu.php.. what page should be listed in that instead of mainmenu.php?

Posted: Sun Mar 30, 2003 11:31 pm
by Bill H
Whatever the main page is, or whatever page you want them directed to when they log in.