Page 1 of 1

Not sure what to call this, back door?

Posted: Tue Jan 08, 2008 10:42 pm
by me!
Hi all,

I have a registration system that checks a DB to confirm that rates and dates for that year are in place before allowing a customer to continue. That work fine, But I want to be able to use and test the system without it being accessible to others. So I was thinking I could just do http://www.mysite.com?bypass=1 That also works, the problem is that the index page also does all of the processing of the registration (3 steps) and I can't seam to keep access to the page :o

This is what I came up with but it don't work... It locks people out fine and allows me in with GET, but the sessions aren't working like I was thinking they would...

Code: Select all

// make sure the information for registrations is set up in the system or else give them and error page
if ($_GET["bypass"] == "yes" || $_SESSION['bypass'] == "1")
    {
    session_start();
    // store session data
    $_SESSION['bypass']=1;
    
    }else{
            if ($reg_year != date("Y")) 
            {
            include_once('not_aval.php');
            die;
            }
           } 

Posted: Tue Jan 08, 2008 10:45 pm
by me!
Oh and the session_start() function is BEFORE the <html> tag:

Posted: Wed Jan 09, 2008 12:53 am
by RobertGonzalez
What do you mean when you say you cannot keep access to the page?

Posted: Wed Jan 09, 2008 1:30 am
by Mordred
me! wrote:Oh and the session_start() function is BEFORE the <html> tag:
Move it before the if() that uses $_SESSION.