#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2013
    Posts
    3
    Rep Power
    0

    Login requirement issues


    I'm trying to make a page that reqires a login to activate. I have constructed the code so far so that from the index file (localhost/PhpProject1/index.php) the login rejects an incorrect username/password combo and accepts a correct one. if everything is good, it will redirect the user to the content page (localhost/PhpProject1/content.php). However, if a user simply goes to the content URL directly, they can access everything unquestioned. How do I prevent this?
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2003
    Posts
    3,600
    Rep Power
    595
    You need to use a session. Once the login has been verified, set it in a session variable. Check that variable on each page you want to secure and if the login is invalid, redirect to the login page.

    Comments on this post

    • richpri agrees : The sticky security thread at the top of this forum should be hard to miss.
    There are 10 kinds of people in the world. Those that understand binary and those that don't.
  4. #3
  5. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    C'mon, this is one of the most basic functions of a website. Open Google, type in "php login system", and you're done. You can also search this forum or open the PHP manual or any tutorial on this planet.

    Here, let me help you:
    http://lmgtfy.com/?q=php+login+system

    To get a secure login system, check this tutorial two clicks above your thread:
    How to program a basic but secure login system using PHP and MySQL

    I mean, I understand that you're new to PHP, but this takes nothing more than 10 seconds of "research". Any kid does that in school. So please take a few minutes of your own time before you ask others for help.

    It might also be a good idea to buy a book covering the basics of web development.

    Comments on this post

    • Strider64 agrees
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  6. #4
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2013
    Posts
    1
    Rep Power
    0

    Hi Try this


    Originally Posted by js404
    I'm trying to make a page that reqires a login to activate. I have constructed the code so far so that from the index file (localhost/PhpProject1/index.php) the login rejects an incorrect username/password combo and accepts a correct one. if everything is good, it will redirect the user to the content page (localhost/PhpProject1/content.php). However, if a user simply goes to the content URL directly, they can access everything unquestioned. How do I prevent this?
    Hi Try This

    91weblessons.com/php-ajax-login-validation-tutorial/

    Comments on this post

    • ptr2void disagrees

IMN logo majestic logo threadwatch logo seochat tools logo