Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
OK.. I am not a PHP coder but more like a generic guy who can make web pages and "Play" with codes.
I have used a tutorial to make a simple password login form to allow users into a different part of a
website. However, the tutorial does not show how to actually "Protect" the pages that you want secure...
Lame I know...
Here is the code for the login ( it all works and I already have the database set up as well )
It looks like that login page creates a session when a person successfully logs in. You need each page you want to secure to check that session (maybe verify it against the DB contents) to see if the user is authenticated. You can easily do that by including an authentication check page at the top of each page:
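<?php
session_start(); // needed before $_SESSION can be read

// Not logged in at all, or the DB check fails: stop before any page content.
// The two function names below are placeholders for your own code.
if(!isset($_SESSION['MM_Username'])
    || !check_if_session_username_is_authenticated_in_db($_SESSION['MM_Username']))
{
    dump_an_error_message();
    exit();
}
//if user is authenticated, you don't need to do anything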
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
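The include-based check described in the answer above, written out in full as an added example (not code from the thread or from either poster). Only the session key `MM_Username` comes from the thread; the file name, the PDO DSN and credentials, the `users` table with its `username` column, and the `/login.php` path are assumptions.

```php
<?php
// require_login.php: added example. Put this as the first line of every protected page:
//   require __DIR__ . '/require_login.php';
// Assumed, not from the thread: DSN/credentials, users(username), /login.php.
session_start();

function deny_access(): void
{
    // Drop any session state, then send the visitor back to the login form.
    $_SESSION = [];
    session_destroy();
    header('Location: /login.php', true, 302);
    exit; // without exit the rest of the protected page would still be sent
}

function user_exists(PDO $db, string $username): bool
{
    // Prepared statement: the session value is never concatenated into SQL.
    $stmt = $db->prepare('SELECT 1 FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    return $stmt->fetchColumn() !== false;
}

// Deny by default: a missing, empty or non-string value means "not logged in".
$username = $_SESSION['MM_Username'] ?? null;
if (!is_string($username) || $username === '') {
    deny_access();
}

try {
    // Placeholder connection details; replace with the site's own.
    $db = new PDO(
        'mysql:host=localhost;dbname=example_db;charset=utf8mb4',
        'example_user',
        'example_password',
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
    );
    if (!user_exists($db, $username)) {
        deny_access(); // account was removed after the session was created
    }
} catch (PDOException $e) {
    // Fail closed: if the database cannot be asked, nobody gets the page.
    error_log('auth check failed: ' . $e->getMessage());
    http_response_code(503);
    exit('Service temporarily unavailable.');
}
// Reaching this line means the session belongs to a known user; the page continues.
```

The file must be included before the page emits any output, otherwise `session_start()` and the redirect header cannot be sent.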