hey guys.

i hav this page (a.php), where i ask te user for his username and password. I match these with static values, and upon succesful matching, i redirect the user to b.php.

my prob-

what if somebody, instead of going thru the normal procedure (from a.php to b.php after verification), directly types in the url for b.php into the address bar???

will that not SHATTER my security??

how can i implement security so that if some1 has not signed in (on a.php) and directly enters the url of b.php, he is

1. sent back to (a.php)

or

2. nothing is displayed on b.php


pls. help

thanks a lot.

Recommended Answers

All 7 Replies

You just write small logic in one page called login_check.php...
and you must include that file in every page where ever you want security to your page:
like:

<? include("login_check.php"); ?>

In login_check.php:

<?
session_start();
if(empty($_SESSION['user_name']))
 {
  header('location:index.php'); 
 }
?>

hi.

thx 4 d reply.

i guess u dint get my equirement totally.

on any page, i want the user to ba able to view the page contents only if

1. he has entered his username AND password
2. both are found to match the actual values

in case either is not true, i redirect him to the login page.

will ur solution help me get this?

pls suggest.

My reply will be the solution for your line...

what if somebody, instead of going thru the normal procedure (from a.php to b.php after verification), directly types in the url for b.php into the address bar???

And tel me where you are going to compare your username and password...

I think that is from database...
tel me...

And tel me where you are going to compare your username and password...

I think that is from database...
tel me...
here is the code for redirecting if username and password are correct...

<?
session_start(); 
include('functions.php');

if($_SERVER['REQUEST_METHOD']=="POST"){

	$qer="select * from table where username='".$_POST['username']."' and password='".$_POST['password']."'";
	$res=mysql_query($qer);
	$num=mysql_num_rows($res);
	if($num==0)
		{
			echo'<script language="javascript">window.location.href="anotherpage.php";</script>';
		}
	else if($num==1)
		{
			session_unregister("user_name");
			session_register("user_name");
			$_SESSION['user_name']=$_POST['username'];
			
						echo'<script language="javascript">window.location.href="welcome.php";</script>';
		}
}
?>

i want to compare the values for username and password with the values stored in a database.

i want this comparison to occur on the login page itself, so that in case either usrnam/passwd is wrong, i do not redirect the user...

pls sugest..

thx

see above answer which i have posted...

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.