Member Avatar for akshit

hey guys.

i hav this page (a.php), where i ask te user for his username and password. I match these with static values, and upon succesful matching, i redirect the user to b.php.

my prob-

what if somebody, instead of going thru the normal procedure (from a.php to b.php after verification), directly types in the url for b.php into the address bar???

will that not SHATTER my security??

how can i implement security so that if some1 has not signed in (on a.php) and directly enters the url of b.php, he is

1. sent back to (a.php)

or

2. nothing is displayed on b.php


pls. help

thanks a lot.

  • 2 Contributors
  • 7 Replies
  • 159 Views
  • 6 Hours Discussion Span
  • Latest Post Latest Post by Shanti C
Member Avatar for Shanti C

You just write small logic in one page called login_check.php...
and you must include that file in every page where ever you want security to your page:
like:

<? include("login_check.php"); ?>

In login_check.php:

<?
session_start();
if(empty($_SESSION['user_name']))
 {
  header('location:index.php'); 
 }
?>
Member Avatar for akshit

hi.

thx 4 d reply.

i guess u dint get my equirement totally.

on any page, i want the user to ba able to view the page contents only if

1. he has entered his username AND password
2. both are found to match the actual values

in case either is not true, i redirect him to the login page.

will ur solution help me get this?

pls suggest.

Member Avatar for Shanti C

My reply will be the solution for your line...

what if somebody, instead of going thru the normal procedure (from a.php to b.php after verification), directly types in the url for b.php into the address bar???

Member Avatar for Shanti C

And tel me where you are going to compare your username and password...

I think that is from database...
tel me...

Member Avatar for Shanti C

And tel me where you are going to compare your username and password...

I think that is from database...
tel me...
here is the code for redirecting if username and password are correct...

<?
session_start(); 
include('functions.php');

if($_SERVER['REQUEST_METHOD']=="POST"){

	$qer="select * from table where username='".$_POST['username']."' and password='".$_POST['password']."'";
	$res=mysql_query($qer);
	$num=mysql_num_rows($res);
	if($num==0)
		{
			echo'<script language="javascript">window.location.href="anotherpage.php";</script>';
		}
	else if($num==1)
		{
			session_unregister("user_name");
			session_register("user_name");
			$_SESSION['user_name']=$_POST['username'];
			
						echo'<script language="javascript">window.location.href="welcome.php";</script>';
		}
}
?>
Member Avatar for akshit

i want to compare the values for username and password with the values stored in a database.

i want this comparison to occur on the login page itself, so that in case either usrnam/passwd is wrong, i do not redirect the user...

pls sugest..

thx

Member Avatar for Shanti C

see above answer which i have posted...

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.