web page structure

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Post Reply
staar2
Forum Commoner
Posts: 83
Joined: Fri Apr 06, 2007 2:57 am

web page structure

Post by staar2 »

How you make your web page? I am little pit confused about that. How you connect all pages? How you make them secure?
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Those are all very broad questions, and quite impossible to answer without writing a novel. Please ask specific questions.
staar2
Forum Commoner
Posts: 83
Joined: Fri Apr 06, 2007 2:57 am

Post by staar2 »

How i connect all the data between pages. Like in admin panel, i dont want to use GET to transfer all the data.
Like web.ee/admin/delete.php?id=1
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

the information in the url after ? is available in the $_GET superglobal.
staar2
Forum Commoner
Posts: 83
Joined: Fri Apr 06, 2007 2:57 am

Post by staar2 »

Jcart wrote:the information in the url after ? is available in the $_GET superglobal.
Sorry, did not explain clearly, wanted to say that someone evil man can also go into web.ee/admin/delete.php?id=1 this page and delete entry. How can i avoid it, use some sessions to control is the admin logged in ?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

  1. requiring another login to get into the admin area (or any pages underneath) can help.
  2. changing the session id when transitioning to other security layers helps too.
  3. Don't actually delete anything. Instead, mark it as deleted using a flagged column.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Typically when logging in a user is given a session flag to indicate they have permission to access specific pages. In the simplest sense, a is_logged_in flag of some sort is given, ie.

Code: Select all

//semi pseudo
session_start();

if (login is valid)
{
   $_SESSION['loggedin'] = true;
}
and then on your admin/delete.php at the top of the page you'd do

Code: Select all

session_start();
if (!isset($_SESSION['loggedin']) || !$_SESSION['loggedin'])
{
   //redirect to main page
   header('Location: http://domain.com/');
   exit();
}
staar2
Forum Commoner
Posts: 83
Joined: Fri Apr 06, 2007 2:57 am

Post by staar2 »

should i make Sessions like this Username and md5(password) each time when loads some secret page it checks username and password?
Post Reply