security using cookies/session variables

hey guys.

i hav this page (a.php), where i ask te user for his username and password. I match these with static values, and upon succesful matching, i redirect the user to b.php.

my prob-

what if somebody, instead of going thru the normal procedure (from a.php to b.php after verification), directly types in the url for b.php into the address bar???

will that not SHATTER my security??

how can i implement security so that if some1 has not signed in (on a.php) and directly enters the url of b.php, he is

1. sent back to (a.php)

or

2. nothing is displayed on b.php

pls. help

thanks a lot.

akshit

Light Poster

46 posts since Jun 2008

Reputation Points: 10

Solved Threads: 0

3 Years Ago

0

You just write small logic in one page called login_check.php...
and you must include that file in every page where ever you want security to your page:
like:

<? include("login_check.php"); ?>

In login_check.php:

<?
session_start();
if(empty($_SESSION['user_name']))
 {
  header('location:index.php'); 
 }
?>

Shanti C

Posting Virtuoso

1,642 posts since Jul 2008

Reputation Points: 137

Solved Threads: 162

3 Years Ago

0

hi.

thx 4 d reply.

i guess u dint get my equirement totally.

on any page, i want the user to ba able to view the page contents only if

1. he has entered his username AND password
2. both are found to match the actual values

in case either is not true, i redirect him to the login page.

will ur solution help me get this?

pls suggest.

akshit

Light Poster

46 posts since Jun 2008

Reputation Points: 10

Solved Threads: 0

3 Years Ago

0

And tel me where you are going to compare your username and password...

I think that is from database...
tel me...

Shanti C

Posting Virtuoso

1,642 posts since Jul 2008

Reputation Points: 137

Solved Threads: 162

3 Years Ago

0

My reply will be the solution for your line...

what if somebody, instead of going thru the normal procedure (from a.php to b.php after verification), directly types in the url for b.php into the address bar???

Shanti C

Posting Virtuoso

1,642 posts since Jul 2008

Reputation Points: 137

Solved Threads: 162

3 Years Ago

0

And tel me where you are going to compare your username and password...

I think that is from database...
tel me...
here is the code for redirecting if username and password are correct...

<?
session_start(); 
include('functions.php');

if($_SERVER['REQUEST_METHOD']=="POST"){

	$qer="select * from table where username='".$_POST['username']."' and password='".$_POST['password']."'";
	$res=mysql_query($qer);
	$num=mysql_num_rows($res);
	if($num==0)
		{
			echo'<script language="javascript">window.location.href="anotherpage.php";</script>';
		}
	else if($num==1)
		{
			session_unregister("user_name");
			session_register("user_name");
			$_SESSION['user_name']=$_POST['username'];
			
						echo'<script language="javascript">window.location.href="welcome.php";</script>';
		}
}
?>

Shanti C

Posting Virtuoso

1,642 posts since Jul 2008

Reputation Points: 137

Solved Threads: 162

3 Years Ago

0

i want to compare the values for username and password with the values stored in a database.

i want this comparison to occur on the login page itself, so that in case either usrnam/passwd is wrong, i do not redirect the user...

pls sugest..

thx

akshit