943,703 Members | Top Members by Rank

Web Development > PHP > security using cookies/session variables
Ad:
  • PHP Discussion Thread
  • Unsolved
  • Views: 1760
  • PHP RSS
Permalink
Jul 19th, 2008
0

security using cookies/session variables

Expand Post »
hey guys.

i hav this page (a.php), where i ask te user for his username and password. I match these with static values, and upon succesful matching, i redirect the user to b.php.

my prob-

what if somebody, instead of going thru the normal procedure (from a.php to b.php after verification), directly types in the url for b.php into the address bar???

will that not SHATTER my security??

how can i implement security so that if some1 has not signed in (on a.php) and directly enters the url of b.php, he is

1. sent back to (a.php)

or

2. nothing is displayed on b.php


pls. help

thanks a lot.
Similar Threads
Reputation Points: 10
Solved Threads: 0
Light Poster
akshit is offline Offline
46 posts
since Jun 2008
Permalink
Jul 19th, 2008
0

Re: security using cookies/session variables

You just write small logic in one page called login_check.php...
and you must include that file in every page where ever you want security to your page:
like:
php Syntax (Toggle Plain Text)
  1. <? include("login_check.php"); ?>


In login_check.php:
php Syntax (Toggle Plain Text)
  1. <?
  2. session_start();
  3. if(empty($_SESSION['user_name']))
  4.  {
  5.   header('location:index.php'); 
  6.  }
  7. ?>
Reputation Points: 137
Solved Threads: 162
Posting Virtuoso
Shanti C is offline Offline
1,641 posts
since Jul 2008
Permalink
Jul 19th, 2008
0

Re: security using cookies/session variables

hi.

thx 4 d reply.

i guess u dint get my equirement totally.

on any page, i want the user to ba able to view the page contents only if

1. he has entered his username AND password
2. both are found to match the actual values

in case either is not true, i redirect him to the login page.

will ur solution help me get this?

pls suggest.
Reputation Points: 10
Solved Threads: 0
Light Poster
akshit is offline Offline
46 posts
since Jun 2008
Permalink
Jul 19th, 2008
0

Re: security using cookies/session variables

And tel me where you are going to compare your username and password...

I think that is from database...
tel me...
Reputation Points: 137
Solved Threads: 162
Posting Virtuoso
Shanti C is offline Offline
1,641 posts
since Jul 2008
Permalink
Jul 19th, 2008
0

Re: security using cookies/session variables

My reply will be the solution for your line...

Quote ...
what if somebody, instead of going thru the normal procedure (from a.php to b.php after verification), directly types in the url for b.php into the address bar???
Reputation Points: 137
Solved Threads: 162
Posting Virtuoso
Shanti C is offline Offline
1,641 posts
since Jul 2008
Permalink
Jul 19th, 2008
0

Re: security using cookies/session variables

And tel me where you are going to compare your username and password...

I think that is from database...
tel me...
here is the code for redirecting if username and password are correct...
php Syntax (Toggle Plain Text)
  1. <?
  2. session_start(); 
  3. include('functions.php');
  4.  
  5. if($_SERVER['REQUEST_METHOD']=="POST"){
  6.  
  7. 	$qer="select * from table where username='".$_POST['username']."' and password='".$_POST['password']."'";
  8. 	$res=mysql_query($qer);
  9. 	$num=mysql_num_rows($res);
  10. 	if($num==0)
  11. 		{
  12. 			echo'<script language="javascript">window.location.href="anotherpage.php";</script>';
  13. 		}
  14. 	else if($num==1)
  15. 		{
  16. 			session_unregister("user_name");
  17. 			session_register("user_name");
  18. 			$_SESSION['user_name']=$_POST['username'];
  19.  
  20. 						echo'<script language="javascript">window.location.href="welcome.php";</script>';
  21. 		}
  22. }
  23. ?>
Reputation Points: 137
Solved Threads: 162
Posting Virtuoso
Shanti C is offline Offline
1,641 posts
since Jul 2008
Permalink
Jul 19th, 2008
0

Re: security using cookies/session variables

i want to compare the values for username and password with the values stored in a database.

i want this comparison to occur on the login page itself, so that in case either usrnam/passwd is wrong, i do not redirect the user...

pls sugest..

thx
Reputation Points: 10
Solved Threads: 0
Light Poster
akshit is offline Offline
46 posts
since Jun 2008
Permalink
Jul 19th, 2008
0

Re: security using cookies/session variables

see above answer which i have posted...
Reputation Points: 137
Solved Threads: 162
Posting Virtuoso
Shanti C is offline Offline
1,641 posts
since Jul 2008

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in PHP Forum Timeline: how can i fix may website data base??????????????
Next Thread in PHP Forum Timeline: dynamic form generation in PHP





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC