How do I set the session on a page, so that if I were to type the direct link for the page into the address bar, it doesn't display, instead the user would be redirected to the homepage or login page?
maydhyam 38 Posting Pro :)
rgviza 8 Light Poster
you need to add a session checker to everything...
pseudocode:
if([user is not logged in])
{
header("Location: /login.php\r\n");
}Determining what an authenticated session is is more or less unique to every implementation so that check depends on how you define "valid". By default, I'm pretty sure php always starts a session if autostart is set, so simply checking for a started session is no good. You need to look at something that only authenticated users have in their session or you are just slowing an attacker down.
-r
maydhyam 38 Posting Pro :)
Hi,
Is the following piece of code what you are talking about?
<?php
session_start();
include('./connect.php');
if (isset($_SESSION['username']))
{
$name = $_SESSION['username'];
header("Location: DatabaseRecorder.php");
}
?> Vai 2 Junior Poster in Training
I used the following code:
<?php
session_start();
if (empty($_SESSION['username']))
{
header("location:index.php");
exit;
}
?> maydhyam 38 Posting Pro :)
here is what i have on my login page...:
$_SESSION['username'] = $_POST['user'];
$_SESSION['password'] = $md5pass;
logininfo();
header("Location: apHome.php");
here is what i have on my home page...:
<?php
session_start();
include('./connect.php');
if (isset($_SESSION['username']))
{
$name = $_SESSION['username'];
}
?>
i have other pages linked from this homepage, and i want to include them in this session ( so that even if i type the direct link in the address bar, i would ot be able to access the page)...
Vai 2 Junior Poster in Training
Here is what I suggest:
Create a page called secure.php
add the following code as it is: ONLY change " your_login_page "
<?php
session_start();
if (empty($_SESSION['username']))
{
header("location:your_login_page.php");
exit;
}
?>
Then in your other pages that you want secure, add:
<?php
require_once('secure.php');
?>
here is what i have on my login page...:
$_SESSION['username'] = $_POST['user'];
$_SESSION['password'] = $md5pass;
logininfo();
header("Location: apHome.php");
here is what i have on my home page...:
<?php
session_start();
include('./connect.php');
if (isset($_SESSION['username']))
{
$name = $_SESSION['username'];
}
?>
i have other pages linked from this homepage, and i want to include them in this session ( so that even if i type the direct link in the address bar, i would ot be able to access the page)...
maydhyam commented: Good work, well done... :) +1
maydhyam 38 Posting Pro :)
So I created secure.php and also in my apHome.php script, i added the code snippet you told me to...and when i typed the direct link into the address bar to open apHome.php....I am getting the "Internet Explorer cannot display the webpage" message..so this is how it is done? the hiding/protection of the page "apHome.php"?
maydhyam 38 Posting Pro :)
Hey,
I typed the incorrect page name in the header....I corrected it, and now it works...I just want to make sure and enter it into my other pages, and verify that they all work...
I'll keep you posted...
May
maydhyam 38 Posting Pro :)
Hey Vai,
So I put the piece of code into all my pages, and they worked nicely...I now understand how to set the sessions for my application....Thanks...
May
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.