Please support our PHP advertiser: Lunarpages PHP Web Hosting
 |
•
•
Join Date: Oct 2007
Location: Penang Island, Malaysia
Posts: 176
Reputation: 
Rep Power: 2
Solved Threads: 2
Junior Poster
Administrator's Page Security Settings With PHP I have 2 some pages in the website I'm developing. I've also an admin page. If i want to log in to the admin page, I've to key in username and password and it will be validated and redirect me to the admin's page. The problem is, if I manually input the direct url for the admin's page, the browser will open the url without asking for any validation.
?? Question ??
1. How to disable the user to just open the admin's page with direct link without any validation?
2. How to prompt the user to key in username and password if the direct url is used?
3. How to disable the usage of direct url (for admin's page)?
?? Question ??
1. How to disable the user to just open the admin's page with direct link without any validation?
2. How to prompt the user to key in username and password if the direct url is used?
3. How to disable the usage of direct url (for admin's page)?
"I might not be the BEST but I'm not like the REST!"
•
•
Join Date: Feb 2008
Posts: 12
Reputation:
Rep Power: 1
Solved Threads: 1
Newbie Poster
•
•
•
•
Originally Posted by lordx78 
I have 2 some pages in the website I'm developing. I've also an admin page. If i want to log in to the admin page, I've to key in username and password and it will be validated and redirect me to the admin's page. The problem is, if I manually input the direct url for the admin's page, the browser will open the url without asking for any validation.
?? Question ??
1. How to disable the user to just open the admin's page with direct link without any validation?
2. How to prompt the user to key in username and password if the direct url is used?
3. How to disable the usage of direct url (for admin's page)?
I've handled this problem in my applications by using a SESSION random value which is initiated at my login page itself.
Lets say your initial loading page is login.php. It would contain the following LOC
<?php
session_start();
if($_POST[úserID'])
{
$_SESSION['randomvalue']=rand();
$_SESSION['loginValue']=md5($_SESSION['randomValue']);
}
else
{
écho '<script>';
echo "document.location='logout.php'";
echo"</script>";
}
?>Please note , this page is accessible only through login .
Lets say the URL to the adminSetting is admin.php. include these lines in the code
if($_SESSION['loginValue'])
{
$checkValue=md5($_SESSION['randomValue']);
if($checkValue==trim($_SESSION['loginValue']){
{
}
else
{
écho '<script>';
echo "alert('Enter USER NAME and PASSWORD')";
echo"</script>";
}
}The direct usage of url can be controlled through javascript.
Hope this helped.
web_lock
--------------------------------------------------------------------------------------
God created the world out of atoms, I intend on creating mine out of 1's and 0's
--------------------------------------------------------------------------------------
God created the world out of atoms, I intend on creating mine out of 1's and 0's
•
•
Join Date: Oct 2007
Location: Penang Island, Malaysia
Posts: 176
Reputation:
Rep Power: 2
Solved Threads: 2
Junior Poster
Thanks for the code, I will give it a try before I reply this thread.
"I might not be the BEST but I'm not like the REST!"
•
•
Join Date: Nov 2007
Location: Las Vegas, Nevada
Posts: 83
Reputation:
Rep Power: 2
Solved Threads: 14
Junior Poster in Training
•
•
•
•
Originally Posted by web_lock
I've handled this problem in my applications by using a SESSION random value which is initiated at my login page itself.
Lets say your initial loading page is login.php. It would contain the following LOC
<?php session_start(); if($_POST[úserID']) { $_SESSION['randomvalue']=rand(); $_SESSION['loginValue']=md5($_SESSION['randomValue']); } else { écho '<script>'; echo "document.location='logout.php'"; echo"</script>"; } ?>
That works. I would change one thing, however.
instead of echoing the javascript to redirect the page, I would keep it as PHP by using the header function like so:
php Syntax (Toggle Plain Text)
using javascript to redirect will allow the user access to the page you're trying to keep secure simply by disabling javascript in their browser. The header function redirects server-side, so they never get to the page.
For additional security, you should probably also validate the $_POST['userID'] against a username/password combination in a database, otherwise someone could write a script on a remote website to post any value for 'userID' and it will let them through.
|
Similar Threads
Other Threads in the PHP Forum
- Invalid Syntax Error (Viruses, Spyware and other Nasties)
- c:\searchpage.html --- mtwirl.dll -- Please help! (Viruses, Spyware and other Nasties)
- Homepage for IE keeps resetting to about:blank (Viruses, Spyware and other Nasties)
- the infamous Bridge.dll startup error (Viruses, Spyware and other Nasties)
- Norton WMI Update doesn't work (Viruses, Spyware and other Nasties)
- My HiJackThis Log (Viruses, Spyware and other Nasties)
- about:blank long lasting problem - Logfile of HijackThis (Viruses, Spyware and other Nasties)
Other Threads in the PHP Forum
- Previous Thread: populate combo box
- Next Thread: Please help on links
•
•
•
•
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
Linear Mode
