Member Avatar for lydia21

i have created a application ...when i give the URL of the second page the page is getting displayed...but i want all the user to enter the application only from the first page where it check whether the user is valid.... what should i do to make my application more secure

  • 3 Contributors
  • 4 Replies
  • 93 Views
  • 8 Hours Discussion Span
  • Latest Post Latest Post by nav33n
Member Avatar for nav33n

Add sessions. If the user enters his username and password in the first page, add his username to the session(if he is a valid user). Then just add a condition,

if(! isset($_SESSION['username'])){ echo " You have to go back to page 1 and enter your username..."; exit }
Member Avatar for vssp

if session variable is blank using heder to function to redirect the page

Member Avatar for lydia21

hi,
it is displaying the print statement even if he is a valid user
if(! isset($_SESSION)){ echo " You have to go back to page 1 and enter your username..."; exit ;}

i have attached the forms in which i tried...........

<?php
session_start();
?>
<html>
<head></head>
<body><?php

$myusername=$_POST['myusername'];
$_session['name']=$myusername;
$mypassword=$_POST['mypassword'];

if ($myusername=="asfd" && $mypassword=="asdf")
{
print "<script language=\"JavaScript\">";
print "window.location = 'http://viewuser.php'";
print "</script>";
}
else
{
print "<script language=\"JavaScript\">";
print "window.location = 'http://start.php'";
print "</script>";
}
?>
</body>
</html>
<?php
session_start();
?>
<? if(! isset($_SESSION['username'])){ echo " You have to go back to page 1 and enter your username..."; exit; } ?>
<html>
<head>
</head>
<body>
<form>
<div align='center'>
<table>
<tr><td><a href="http://emil.php">Email to All</a></td>

<td>&nbsp;&nbsp;</td>
<td><a href="http://send.php">Email to Core Group</a></td>
<td>&nbsp;&nbsp;</td>
<td><a href="http://user.php">Create User</a></td></tr>
</div>



</table>
<div align='center'>
<p>&nbsp;</p>
<?php


$link=mysql_connect($hostname, $username, $password);
mysql_select_db($dbid) or die("unable to connect");

echo "<table width='60%'>";
$result=mysql_query("SELECT id,name,email FROM member");
print "<tr><td><font face='Times New Roman' color='#008080' size='3'><strong>LIST OF MEMBERS</strong></font></td></tr>";
print "<tr><td bgcolor='#008080'><font face='Times New Roman' color='#FFFFFF' size='2'><strong>Name</strong></font> </td>
<td bgcolor='#008080'><font face='Times New Roman' color='#FFFFFF' size='2'><strong>Email</strong></font> </td></tr>";

for ($i = 0; $i < mysql_num_rows($result); ++$i)
{

$line = mysql_fetch_row($result);
print "<tr><td><a href='welcome.php?id=".$line[0]."'>".$line[1]."</td><td>".$line[2]."</td></tr>";
print "<tr><td bgcolor='#008080'></td><td bgcolor='#008080'></td></tr>";

}


echo "</table>";

mysql_close($link);
?>
</div>


</form>
</body>
</html>
Member Avatar for nav33n

:icon_rolleyes: In start1.php, you are adding name to the session. But in viewuser.php, you are checking for username !?!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.