Securing PHP webpage/url access
Moderator: General Moderators
Securing PHP webpage/url access
Dear All,
How can I secure my webpage url from outsider getting to see my pages, for example,
http://www.website/mypage.php.
Now anyone can logon to my website and access these pages, assuming these pages were intended for only me to access. How can I prevent anyone from just typing in the url (http://www.website/mypage.php) and accessing my page?
I'll appreciate all help and suggestions.
thanks
Dave
How can I secure my webpage url from outsider getting to see my pages, for example,
http://www.website/mypage.php.
Now anyone can logon to my website and access these pages, assuming these pages were intended for only me to access. How can I prevent anyone from just typing in the url (http://www.website/mypage.php) and accessing my page?
I'll appreciate all help and suggestions.
thanks
Dave
Re: Securing PHP webpage/url access
the best way is to use templates, but if youre not into that then make everything be processed through an index.php page.
Then at the beginning of every page you have
<?php
if($_SERVER['REQUEST_URI'] != "/index.php"){
header("Location:http://www.yoursite.com/index.php");
?>
Then at the beginning of every page you have
<?php
if($_SERVER['REQUEST_URI'] != "/index.php"){
header("Location:http://www.yoursite.com/index.php");
?>
Re: Securing PHP webpage/url access
You should either create a PHP based login system, or use Apache authentication methods - http://httpd.apache.org/docs/2.2/howto/auth.html
-
WebbieDave
- Forum Contributor
- Posts: 213
- Joined: Sun Jul 15, 2007 7:07 am
Re: Securing PHP webpage/url access
You can permit only certain ip addresses access to the page (whitelisting) or, as suggested above, protect access to the page with a username and password. Either of these methods can be implemented in PHP or via web server configuration.
Re: Securing PHP webpage/url access
Just another option. Set protected directories in your server.
Hope it helps.
Hope it helps.
Re: Securing PHP webpage/url access
How would that help restricting the access from other users?hansford wrote:the best way is to use templates, but if youre not into that then make everything be processed through an index.php page.
Then at the beginning of every page you have
<?php
if($_SERVER['REQUEST_URI'] != "/index.php"){
header("Location:http://www.yoursite.com/index.php");
?>
-
devendra-m
- Forum Contributor
- Posts: 111
- Joined: Wed Sep 12, 2007 3:16 am
Re: Securing PHP webpage/url access
you can check ip address with $_SERVER['REMOTE_ADDR'] or RewriteCond %{REMOTE_ADDR} in htaccess
- The_Anomaly
- Forum Contributor
- Posts: 196
- Joined: Fri Aug 08, 2008 4:56 pm
- Location: Tirana, Albania
Re: Securing PHP webpage/url access
I was under the impression that IP Adresses are generally not the best way to prevent access, as they are constantly changing. That is, unless you have a static one--which the OP did not specify. Am I correct at this? Or does the IP not change that often?devendra-m wrote:you can check ip address with $_SERVER['REMOTE_ADDR'] or RewriteCond %{REMOTE_ADDR} in htaccess
As was formerly posted, you can just set up a PHP based login system. Or server based authentication.
Re: Securing PHP webpage/url access
Basically, the way I do this for my CMS is this (You can customize it to make it pretty):
1. Create a login page that asks for a passphrase; in the php, create a session variable ($_SESSION['loggedIn']) that is false, until it receives a proper POST of the passphrase, at which point it sets it to true.
2. Create a checklogin.php which essentially contains:
3. At the top of each page you wish to secure, on the very first line do <?php require('checklogin.php'); ?>
This completely stops the server from sending information from that script to the browser. You can have die() output something when it's exiting, though, so you can use a redirect, for example, to send the browser to the login page.
It's not 100% secure, but it works pretty well.
Good Luck,
OmniUni
1. Create a login page that asks for a passphrase; in the php, create a session variable ($_SESSION['loggedIn']) that is false, until it receives a proper POST of the passphrase, at which point it sets it to true.
2. Create a checklogin.php which essentially contains:
Code: Select all
<?php
if(!$_SESSION['loggedIn']){
die();
}
?>This completely stops the server from sending information from that script to the browser. You can have die() output something when it's exiting, though, so you can use a redirect, for example, to send the browser to the login page.
It's not 100% secure, but it works pretty well.
Good Luck,
OmniUni