How to restrict acess to a page if typed in adressBar

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
Jakei
Forum Newbie
Posts: 2
Joined: Thu Apr 24, 2008 7:57 pm

How to restrict acess to a page if typed in adressBar

Post by Jakei »

Hi I'm a newbie,

My websites has privileges;
When your logged in, privilege=5 and the link "textArea" appears on every htmlPage;
When u click on textArea, you have access to my textArea page that does not exists if you're not logged in which means privilege=0 .
My problem is, I dont want anyone who hasnt logged in to have access to this particular page if privilege=0. example:

localhost/myWebsiteFolder/index.php?idChoice=textArea

-----------------this is my code now I really dont know if I'm on the right path
//define('ID_CHOICE',fct_SESSION('idChoice',"home")); which is in my variableInit.php file;

//this instruction is in another php file.
if (PRIVILEGE == 0)
{
$searchThis=array('idChoice'=> 'editeur');
if (array_key_exists('idChoice',$searchThis)){
echo "-------------------I'm trying to hijack you-------------";

$_SESSION['idChoice] = 'login';
}

$lienLogin = array('idChoice' => 'login');
echo fct_lien ( $lienLogin, 'login');
}else{

$lienLogin = array('idChoice' => 'logout');
echo fct_lien ( $lienLogin, 'logout');

}

please help !
Jakei
User avatar
Kieran Huggins
DevNet Master
Posts: 3635
Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada
Contact:

Re: How to restrict acess to a page if typed in adressBar

Post by Kieran Huggins »

I have to say, I think I read your post 3 times and I'm still not sure what you're trying to accomplish.

Can you give us a specific use case?
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Re: How to restrict acess to a page if typed in adressBar

Post by Chris Corbyn »

Code: Select all

<?php
 
if (PRIVILEGE != 5) {
  exit('Access denied');
}
Not very elegant, but easy for a "newbie" to understand :)
Post Reply