DaniWeb Forum Index > Web Development > PHP

security using cookies/session variables

Please support our PHP advertiser: PostgreSQL or MySQL? Compare and contrast the two most popular open source databases

•

Join Date: Jun 2008

Posts: 46

Reputation: akshit is an unknown quantity at this point

Solved Threads: 0

akshit

Offline

Light Poster

security using cookies/session variables

Jul 19th, 2008

hey guys.

i hav this page (a.php), where i ask te user for his username and password. I match these with static values, and upon succesful matching, i redirect the user to b.php.

my prob-

what if somebody, instead of going thru the normal procedure (from a.php to b.php after verification), directly types in the url for b.php into the address bar???

will that not SHATTER my security??

how can i implement security so that if some1 has not signed in (on a.php) and directly enters the url of b.php, he is

1. sent back to (a.php)

or

2. nothing is displayed on b.php

pls. help

thanks a lot.

•

Join Date: Jul 2008

Posts: 1,076

Reputation: Shanti Chepuru is on a distinguished road

Solved Threads: 98

Shanti Chepuru Shanti Chepuru is offline

Offline

Veteran Poster

Re: security using cookies/session variables

Jul 19th, 2008

You just write small logic in one page called login_check.php...
and you must include that file in every page where ever you want security to your page:
like:

 Help with Code Tags 
 php Syntax (Toggle Plain Text) 
<? include("login_check.php"); ?>
<? include("login_check.php"); ?>

In login_check.php:

 Help with Code Tags 
 php Syntax (Toggle Plain Text) 
<?
session_start();
if(empty($_SESSION['user_name']))
 {
  header('location:index.php'); 
 }
?>
<?
session_start();
if(empty($_SESSION['user_name']))
 {
  header('location:index.php'); 
 }
?>

Be intelligent, But Don't try to cheat.. Be innocent But Don't get cheated..

•

Join Date: Jun 2008

Posts: 46

Reputation: akshit is an unknown quantity at this point

Solved Threads: 0

akshit

Offline

Light Poster

Re: security using cookies/session variables

Jul 19th, 2008

hi.

thx 4 d reply.

i guess u dint get my equirement totally.

on any page, i want the user to ba able to view the page contents only if

1. he has entered his username AND password
2. both are found to match the actual values

in case either is not true, i redirect him to the login page.

will ur solution help me get this?

pls suggest.

•

Join Date: Jul 2008

Posts: 1,076

Reputation: Shanti Chepuru is on a distinguished road

Solved Threads: 98

Shanti Chepuru Shanti Chepuru is offline

Offline

Veteran Poster

Re: security using cookies/session variables

Jul 19th, 2008

And tel me where you are going to compare your username and password...

I think that is from database...
tel me...

Be intelligent, But Don't try to cheat.. Be innocent But Don't get cheated..

•

Join Date: Jul 2008

Posts: 1,076

Reputation: Shanti Chepuru is on a distinguished road

Solved Threads: 98

Shanti Chepuru Shanti Chepuru is offline

Offline

Veteran Poster

Re: security using cookies/session variables

Jul 19th, 2008

My reply will be the solution for your line...

•

what if somebody, instead of going thru the normal procedure (from a.php to b.php after verification), directly types in the url for b.php into the address bar???

Be intelligent, But Don't try to cheat.. Be innocent But Don't get cheated..

•

Join Date: Jul 2008

Posts: 1,076

Reputation: Shanti Chepuru is on a distinguished road

Solved Threads: 98

Shanti Chepuru Shanti Chepuru is offline

Offline

Veteran Poster

Re: security using cookies/session variables

Jul 19th, 2008

And tel me where you are going to compare your username and password...

I think that is from database...
tel me...
here is the code for redirecting if username and password are correct...

 Help with Code Tags 
 php Syntax (Toggle Plain Text) 
<?
session_start(); 
include('functions.php');
 
if($_SERVER['REQUEST_METHOD']=="POST"){
 
	$qer="select * from table where username='".$_POST['username']."' and password='".$_POST['password']."'";
	$res=mysql_query($qer);
	$num=mysql_num_rows($res);
	if($num==0)
		{
			echo'<script language="javascript">window.location.href="anotherpage.php";</script>';
		}
	else if($num==1)
		{
			session_unregister("user_name");
			session_register("user_name");
			$_SESSION['user_name']=$_POST['username'];
 
						echo'<script language="javascript">window.location.href="welcome.php";</script>';
		}
}
?>
<?
session_start(); 
include('functions.php');

if($_SERVER['REQUEST_METHOD']=="POST"){

	$qer="select * from table where username='".$_POST['username']."' and password='".$_POST['password']."'";
	$res=mysql_query($qer);
	$num=mysql_num_rows($res);
	if($num==0)
		{
			echo'<script language="javascript">window.location.href="anotherpage.php";</script>';
		}
	else if($num==1)
		{
			session_unregister("user_name");
			session_register("user_name");
			$_SESSION['user_name']=$_POST['username'];
			
						echo'<script language="javascript">window.location.href="welcome.php";</script>';
		}
}
?>

Be intelligent, But Don't try to cheat.. Be innocent But Don't get cheated..

•

Join Date: Jun 2008

Posts: 46

Reputation: akshit is an unknown quantity at this point

Solved Threads: 0

akshit

Offline

Light Poster

Re: security using cookies/session variables

Jul 19th, 2008

i want to compare the values for username and password with the values stored in a database.

i want this comparison to occur on the login page itself, so that in case either usrnam/passwd is wrong, i do not redirect the user...

pls sugest..

thx