security issue

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
atemught
Forum Newbie
Posts: 1
Joined: Thu Mar 12, 2009 3:47 pm

security issue

Post by atemught »

Hi all
I am building a small website with an area where members must log in, the problem is that if you enter the URL of a membership area page in your browser, you get access to this page even if you are not a member or not logged in. Is there a way of preventing this?
Thank you
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: security issue

Post by Mordred »

Read about sessions.
On a successful login, set a session variable like $_SESSION['logged']=1;
On logout, unset it.
On the membership page, check if it's 1, if not redirect to the login page and call exit();
Post Reply