Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
pickle | Please use [ code=php ], [ code=text ], etc tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums to learn how to do it too.
I have this PHP code on the login page. Then I want to keep a session to the next page so that visitors can only get to that page by logging in. Right now the visitors can type the address of the logged-in page and they get there. I want them to be sent back to the login page instead. I would be glad if someone could help me.
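<?php
session_start();
// Credential table: username => landing page and password.
$data = array(
    "client1" => array("url" => "client1.php", "password" => "client1"),
    "client2" => array("url" => "client2.php", "password" => "client2"),
);
if (isset($_POST['username']) && isset($_POST['password'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    // Look the user up first: with an unknown username the old check compared
    // null == "" and accepted an empty password.
    if (is_string($username) && is_string($password) && isset($data[$username])
        && hash_equals($data[$username]['password'], $password)) {
        session_regenerate_id(true);       // fresh session ID after login
        $_SESSION['username'] = $username; // do not keep the password in the session
        header('Location: ' . $data[$username]['url']);
        exit();                            // stop here once the redirect is sent
    } else {
        login('Wrong user name or password. <br>');
    }
} else {
    login();
}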
?><?php
function login($response='Här loggar du in.') {
?>
session_destroy() should wipe all data from the current session. The only thing it doesn't do is unset the cookie. If you wanted to, you'd have to do it manually:
<?php
session_start();
if (isset($_SESSION['username'])) {
    // logged in
} else {
    header('Location: login.php'); // redirect to the login page (login.php is a placeholder name)
    exit(); // otherwise the script below will continue executing!
}
Don't forget to unset it (or destroy the session) when the user logs out!
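
A guard for the protected pages and a matching logout, as an added example that is not part of the original thread. It assumes the login script stores only the username in $_SESSION['username']; the names auth.php, login.php, require_login() and logout() are hypothetical. It goes slightly beyond the replies by also checking that the logged-in user owns the page, so client1 cannot open client2.php.

```php
<?php
// auth.php (hypothetical file name): include at the top of every protected page.

// Session cookie hardening; must run before session_start() (array form needs PHP 7.3+).
session_set_cookie_params([
    'httponly' => true,
    'samesite' => 'Lax',
    'secure'   => !empty($_SERVER['HTTPS']),
]);
session_start();

/**
 * Allow the request only if a user is logged in and, when $owner is given,
 * only if that user owns the page. Everyone else is sent to the login page.
 */
function require_login(?string $owner = null, string $loginPage = 'login.php'): string
{
    $user = $_SESSION['username'] ?? null;
    if (!is_string($user) || ($owner !== null && $user !== $owner)) {
        header('Location: ' . $loginPage);
        exit(); // without this the protected page below still runs and is sent
    }
    return $user;
}

/** Log out: wipe the data, expire the cookie, destroy the server-side session. */
function logout(string $loginPage = 'login.php'): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // session_destroy() leaves the cookie in the browser; expire it by hand.
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
    header('Location: ' . $loginPage);
    exit();
}

// Usage at the top of client1.php:
//   require 'auth.php';
//   $user = require_login('client1');
```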