locking down a url

Question

richlacey 0 Newbie Poster

11 Years Ago

Hi there guys, not sure if anyone can help me here. I am creating a basic members site with small gallery and I wish to lockdown the URL somehow.

e.g.

http://domainname.com/memberFiles/8/gallery/gallery_config.php

At the moment all of the other pages are locked down via a session id variable, but I need to be able to only show this page if session ID matches the number 8 in this occasion, if it doesnt I want it to destroy session.

At the moment while Im logged in viewing my gallery I can just change the member number in the browser to say to nine and see someone eles's gallery, not cool.

Hope that make some sense. Thank in advance

Rich

php

2 Contributors
4 Replies
203 Views
4 Days Discussion Span
Latest Post 11 Years Ago Latest Post by richlacey

All 4 Replies

pritaeas 2,194 ¯\_(ツ)_/¯

11 Years Ago

If this is a fixed url, you can use a regular expression to get the 8 out of it. Something like this pattern:

~http://domainname.com/memberFiles/(\d+)/gallery/gallery_config.php~

See preg_match on how to use it.

Edited 11 Years Ago by pritaeas

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

richlacey 0 Newbie Poster · Answer 1 · 2012-06-23T08:59:02+00:00

Thanks for your reply, its a little different. When a new user is created they get a new storage location e.g. numbered directory as seen above. So this changes with every user, I just don't want another user to view this page by changing the URL manually. Does that make sense?

pritaeas 2,194 ¯\_(ツ)_/¯ Moderator Featured Poster · Answer 2 · 2012-06-23T10:34:44+00:00

Everything else stays the same, except the number right? That is where that regex comes in, it can extract that number from the url, so you can match it against your session.

richlacey 0 Newbie Poster · Answer 3 · 2012-06-26T20:35:06+00:00

if (isset($_SESSION['id'])) {
    // Put stored session variables into local php variable
    $url = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
    $path = parse_url($url);
    $folders = explode("/", $path['path']);
    $galleryuser = ($folders[2]);
    $userid = $_SESSION['id'];
    $username = $_SESSION['username'];
    $toplinks = '<a href="../../../member_profile.php?id=' . $userid . '">' .                $username . '</a> &bull; 
    <a href="../../../member_account.php">Account</a> &bull; 
    <a href="../../../logout.php">Log Out</a>';
} 
if ( $userid == ''.$galleryuser.'' ){
    }
else {
    header('Location: ../../../login.php');
    echo 'Please <a href="login.php">log in</a> to access your account';
    session_destroy(); 
    exit(); 
}

Thanks for your help guys, but I managed to get it working with the above code

Cheers Rich

locking down a url

Recommended Answers Collapse Answers

All 4 Replies

Recommended Answers