secring multiple pages
- social_experiment
- DevNet Master
- Posts: 2793
- Joined: Sun Feb 15, 2009 11:08 am
- Location: .za
Re: secring multiple pages
http://www.google.co.za/search?hl=af&q= ... php+notice
Have a look at this url. Hth
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
Re: secring multiple pages
Hi Social;
I have tried this but still it does not give me the answer. In my Auth page I have set the session variable and opened a session.
In the auth page
-------------------
session_start();
$_SESSION['lia'] = "$username";
//and this redirects into a home page which consists of a number of sub pages under tabs (like buttons; when you click one it will redirect to another page).
------------
In my Home page and in other pages.
-------------------
session_start();
if((!$_SESSION['lia'])){
    header( 'Location: http://localhost/guestbook/useradd.php' ) ;//this is my auth page
}
else{
    ///the code
}
session_destroy();
--------------------
*** When I click on other tabs which are inside my home page, it redirects to the auth page. That is not what I want. What I want is that it should be accepted inside the home page and should not be accepted if the outside world tries to access it.
Regards
Shehan31
social_experiment wrote:Yes that is referred to as an 'auth' page (unofficially probably). You set some session variables when you login and then the 'auth' page checks if these values are set each time a 'protected' page is accessed. If the conditions are not met, the user is probably NOT logged in and trying to access the pages incorrectly, and invalidly and they are redirected to a page of your choice. Hth
Code: Select all
<?php
session_start();
if ( !isset($_SESSION['member_id']) || trim($_SESSION['member_id']) == '' || !isset($_SESSION['member_name']) ) {
    unset($_SESSION['member_id']);
    unset($_SESSION['member_name']);
    header("location: somepage.php");
    session_destroy();
    exit();
}
?>
- social_experiment
- DevNet Master
- Posts: 2793
- Joined: Sun Feb 15, 2009 11:08 am
- Location: .za
Re: secring multiple pages
The code that you have on the other pages (home, etc) should be inside the 'auth' page. The reason for this is that you include this page so you don't have to write your check at the top of each page.
Code: Select all
<?php
session_start();
if (!isset($_SESSION['your_variable'])) {
    header('location: login_page.php');
    exit();
}
?>
This is an example of the auth page. You then include it on all your other pages
Code: Select all
<?php include_once('auth.php'); ?>
Setting of session variables should be done when authentication is completed.
Code: Select all
<?php $_SESSION['lia'] = "$username"; ?>
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
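The home-page snippet posted earlier in the thread ends with a session_destroy() call; the script below is an added example (not code from any poster) that replays four requests in one CLI run to show what that call does to the check on the next request. Assumptions: 'lia' is the thread's login flag, and the function names and username are invented for illustration.

```php
<?php
// Added example, not code from the thread.
// Assumptions: 'lia' is the thread's login flag; function names and the
// username are invented for illustration.

// The check auth.php performs on every protected page.
function is_logged_in(): bool
{
    return isset($_SESSION['lia']) && $_SESSION['lia'] !== '';
}

// One simulated request: open the session, run the page, close the session.
function request(callable $page): string
{
    session_start();
    $result = $page();
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_write_close();       // what PHP does itself when a script ends
    }
    return $result;
}

$login = function (): string {
    session_regenerate_id(true);     // fresh session ID once authentication succeeds
    $_SESSION['lia'] = 'alice';      // constructed username
    return 'logged in';
};
$page = function (): string {
    return is_logged_in() ? 'page shown' : 'redirect to login';
};
$pageThenDestroy = function () use ($page): string {
    $result = $page();
    session_destroy();               // the call at the end of the thread's pages
    return $result;
};

$log = [];
$log[] = request($login);            // request 1: login
$log[] = request($page);             // request 2: a protected tab
$log[] = request($pageThenDestroy);  // request 3: a page that ends with session_destroy()
$log[] = request($page);             // request 4: the next tab clicked
// Output is deferred to the end so no session call happens after output.
echo implode("\n", $log), "\n";
```

In a site laid out this way, session_destroy() belongs only in the logout script, and the check in auth.php stays the single place that decides whether to redirect.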
Re: secring multiple pages
Hi social;
Thank you for the reply. It isn't possible to include all the codes inside this auth.php page because they are big and I've got the feeling that all the five codes will be displayed in one page. So it will make a mess.
Code: Select all
<?php include_once('auth.php'); ?>
Without this the page still redirects into the auth page. The only problem is after the login using the auth.php, still it redirects to the login.php even if I click another page which is inside the home page. I am running out of thoughts.
Thank you for your support.
Regards
Shehan31
social_experiment wrote:The code that you have on the other pages (home, etc) should be inside the 'auth' page. The reason for this is that you include this page so you don't have to write your check at the top of each page.
Code: Select all
<?php
session_start();
if (!isset($_SESSION['your_variable'])) {
    header('location: login_page.php');
    exit();
}
?>
This is an example of the auth page. You then include it on all your other pages
Code: Select all
<?php include_once('auth.php'); ?>
Setting of session variables should be done when authentication is completed.
Code: Select all
<?php $_SESSION['lia'] = "$username"; ?>
Re: secring multiple pages
Hello,
isn't the mentioned code vulnerable to SQL injection?
Code: Select all
$username = $_POST['username'];
$password = $_POST['password'];
$sql = mysql_query("SELECT * FROM login WHERE user='$username' AND password='$password'") or die (" error with table");
Regards.
- social_experiment
- DevNet Master
- Posts: 2793
- Joined: Sun Feb 15, 2009 11:08 am
- Location: .za
Re: secring multiple pages
Yes, mysql_real_escape_string() should always be used when accepting user input into a SQL query.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
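The login query quoted above, rewritten with a bound parameter, as an added example that is not code from the thread. It uses PDO with an in-memory SQLite table as a constructed stand-in for the thread's MySQL `login` table and assumes the password column holds a password_hash() value; the function names and sample rows are illustrative.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite table with
// constructed rows stands in for the thread's MySQL "login" table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE login (user TEXT PRIMARY KEY, password TEXT)');

// Assumption: the password column stores a password_hash() value, not plaintext.
$insert = $pdo->prepare('INSERT INTO login (user, password) VALUES (?, ?)');
$insert->execute(["o'brien", password_hash('s3cret-sample', PASSWORD_DEFAULT)]);

// The thread's pattern: request data pasted into the SQL text.
function concatenated_sql(string $username, string $password): string
{
    return "SELECT * FROM login WHERE user='$username' AND password='$password'";
}

// Bound parameter: the driver sends the value as data, so quotes in it
// cannot change the structure of the statement.
function check_login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password FROM login WHERE user = :user');
    $stmt->execute([':user' => $username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// A legitimate name with an apostrophe already breaks the concatenated form:
// the quote ends the string literal early and the rest is parsed as SQL.
echo concatenated_sql("o'brien", 's3cret-sample'), "\n";

// The same input through the prepared statement is only ever compared as a value.
var_dump(check_login($pdo, "o'brien", 's3cret-sample'));
var_dump(check_login($pdo, "o'brien", "wrong' password"));
var_dump(check_login($pdo, "nobody' or such", 's3cret-sample'));
```

The mysql_* functions used in the thread were removed in PHP 7.0; PDO and mysqli both provide prepared statements.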
Re: secring multiple pages
Can someone help to sort out this matter.
social_experiment wrote:Yes, mysql_real_escape_string() should always be used when accepting user input into a SQL query.
Re: secring multiple pages
Read my article and try the examples to see for yourself:
http://www.webappsec.org/projects/articles/091007.shtml
-
sankha.icraft
- Forum Newbie
- Posts: 2
- Joined: Tue Feb 22, 2011 7:33 am
- Location: Kolkata
Re: secring multiple pages
The discussion really helped me.
Thanks.