secure url

Question

andydeans 0 Junior Poster

14 Years Ago

hi,

i have a site which is secure with a username and password combination with mysql backend database.

the encryption is sha1 for the password.

what about securing the url? at the moment it displays for example:

page_name.php?ID=24

if you modify the ID other users can see other pages they should not be able to.

would it be best to use a script like this:

http://www.phpclasses.org/browse/file/10749.html

many thanks

php

2 Contributors
3 Replies
105 Views
1 Week Discussion Span
Latest Post 14 Years Ago Latest Post by EvolutionFallen

EvolutionFallen 107 Junior Poster

14 Years Ago

You could store the user's ID in the $_SESSION variable and then check if the user's ID matches the ID in the URL, and if not, redirect:

// Whenever you set your $_SESSION info, set:
$_SESSION['user_id'] = $user_id;

// Then, on page_name.php:
session_start();
if($_SESSION['user_id'] != $_GET['ID'])  // If the user is viewing a page that does not match her ID
   header("Location: page_name.php?ID=".$_SESSION['user_id']); // redirect to user's own page.

Edited 14 Years Ago by EvolutionFallen because: typo

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

andydeans 0 Junior Poster · Answer 1 · 2010-08-09T15:54:10+00:00

thanks for the help, i have added this and seems to work.

thanks

EvolutionFallen 107 Junior Poster · Answer 2 · 2010-08-10T22:27:18+00:00

EvolutionFallen 107 Junior Poster

14 Years Ago

Glad to help!