webdeveloper.com
View only the main page script?

Brad_Armitage
10-14-2005, 09:40 AM
How can I prevent users from browsing to any page they want to on my website by typing in the URL to it in the address bar? I only want them to be able to access the main page (index.php) :D

cwrath
10-14-2005, 10:13 AM
Create a user authentication script, or if you never wanted them to see the page you could put

if (!isset($_GET['pass']) || $_GET['pass'] != 'apassword') {
    header('Location: ./index.php');
    exit(); // stop here so the rest of the page is not sent after the redirect
}

at the top of your page. Then when you wanted to access it you would put ?pass=apassword at the end of the address, e.g. protected.php?pass=apassword

A login form with a POST system would be more secure, but I can't be bothered typing it out.

Brad_Armitage
10-14-2005, 10:17 AM
Actually an authentication script is exactly what I'm looking for, but I'm having trouble with one right now. Can you give me an example?

NogDog
10-14-2005, 10:20 AM
http://www.charles-reace.com/login_article.html

cwrath
10-14-2005, 10:22 AM
<?php
// Class opening was missing from the post; the name is taken from the constructor below.
class CTMS_User {

    /**
     * Username
     *
     * @var string
     */
    var $username;

    /**
     * User Email
     *
     * @var string
     */
    var $email;

    /**
     * User Password
     *
     * @var String
     */
    var $password;

    /**
     * User Group
     *
     * @var string
     */
    var $group;

    /**
     * User Access Level
     *
     * @var string
     */
    var $level;

    /**
     * Constructor method
     *
     * @param string $username
     * @return CTMS_User
     */
    function CTMS_User($username = "") {
        global $db;
        if ($username != "") {
            // NOTE: $username is placed in the SQL string unescaped.
            $sql = "SELECT * FROM $db[users] WHERE username = '$username'";
            $id = runSQL($sql);
            $userinfo = mysql_fetch_object($id);
            $this->username = $username;
            $this->email = $userinfo->email;
            $this->password = $userinfo->password;
            $this->group = $userinfo->group;
            $this->level = $userinfo->level;
        }
    }

    /**
     * Create a User (add post info to tables)
     *
     * @param array $post
     * @return boolean
     */
    function create($post) {
        global $db;
        // NOTE: $post values are placed in the SQL string unescaped and the password is stored as given.
        $sql = "INSERT INTO $db[users] VALUES('', '$post[username]', '$post[email]', '$post[password]', '$post[group]', '$post[level]' ) ";
        if (runSQL($sql)) {
            return true;
        } else {
            return false;
        }
    }

    /**
     * Update via REPLACE query a user
     *
     * @param array $post
     * @return boolean
     */
    function update($post) {
        global $db;
        // REPLACE takes no WHERE clause; it replaces the row whose unique key matches
        // (this assumes username is a unique key on the users table).
        $sql = "REPLACE INTO $db[users] VALUES('', '$post[username]', '$post[email]', '$post[password]', '$post[group]', '$post[level]' ) ";
        if (runSQL($sql)) {
            return true;
        } else {
            return false;
        }
    }

    /**
     * Delete user record
     *
     * @param array $post
     * @return boolean
     */
    function delete($post) {
        global $db;
        // DELETE takes no column list, and the username is a string so it must be quoted.
        $sql = "DELETE FROM $db[users] WHERE username = '$post[username]'";
        if (runSQL($sql)) {
            return true;
        } else {
            return false;
        }
    }

    /**
     * Secure a page by requiring successful database-$_SESSION[username]/$_SESSION[password] matches
     *
     * @param string $level
     * @param string $level2
     * @param string $level3
     */
    function lockPage($level, $level2 = '', $level3 = '') {
        if ($_SESSION['username'] == "") {
            header('Location: ./login.php');
            exit();
        } elseif (($_SESSION['level'] != $level) && ($_SESSION['level'] != $level2) && ($_SESSION['level'] != $level3)) {
            // displayPage() is not included in the post.
            $this->displayPage('template');
            echo '<br><br><strong><center>' . $_SESSION['username'] . ', you are not authorised to view this page!
</center></strong>';
            $this->displayPage('footer');
            exit();
        }
    }

    /**
     * Fetch user information with checking
     *
     * @return object
     */
    function checkUser() {
        global $db;
        if (trim($_POST['username']) == "" || trim($_POST['password']) == "") {
            echo 'Please complete all fields';
            return false;
        } else {
            // NOTE: the $_POST values are placed in the SQL string unescaped and
            // the password is compared as plaintext.
            $sql = "SELECT * FROM $db[users] WHERE username = '$_POST[username]' AND password = '$_POST[password]'";
            $id = runSQL($sql);
            // A query that matches no row still returns a result, so count the rows too.
            if (!$id || mysql_num_rows($id) == 0) {
                echo 'Username or Password Not Found!';
                return false;
            } else {
                $userinfo = mysql_fetch_object($id);
            }
        }
        return $userinfo;
    }

    /**
     * Start session and assign username and level information
     *
     * @return boolean
     */
    function loginUser() {
        if (isset($_POST['username'])) {
            session_start();
            $userinfo = $this->checkUser();
            if (!$userinfo) {
                return false; // failed check: leave the session empty and do not redirect
            }
            $_SESSION['username'] = $userinfo->username;
            $_SESSION['level'] = $userinfo->level;
            $SID = session_id();
            header('Location: index.php?'.$SID.'');
            return true;
        } else {
            return false;
        }
    }
}
?>

Not brilliant, I wrote it as a temp one just to check everything was working with a couple of scripts, then I added to and rewrote parts.

Brad_Armitage
10-14-2005, 10:43 AM
Thanks guys, I'll give that a try cwrath :)

cwrath
10-14-2005, 10:46 AM
It is object orientated so you will need to open with class Something. Note all db info is stored in the array $db and my function runSQL connects to the database, runs $sql, closes the connection and returns the result (said function is not included). I would look at the last few functions and base some of your own on them; the create/update stuff you can write yourself. As I said, it isn't brilliant but it's a start.
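The login check and page lock from the class posted above, as an added example that is not code from the thread: it binds the submitted values as query parameters and compares against a password hash instead of interpolating `$_POST` into the SQL and matching a plaintext column. The table layout, function names and sample account are assumptions, and in-memory SQLite stands in for the MySQL database.

```php
<?php
// Added example, not code from the thread. Table layout, function names and
// the sample account are assumptions; in-memory SQLite stands in for MySQL.

function check_user(PDO $pdo, string $username, string $password): ?array
{
    // Values are bound as parameters, never interpolated into the SQL text.
    $stmt = $pdo->prepare('SELECT username, password_hash, level FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Compare against a stored hash instead of a plaintext password column.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return ['username' => $row['username'], 'level' => $row['level']];
}

function login_user(PDO $pdo, array $post, array &$session): bool
{
    $user = check_user($pdo, trim($post['username'] ?? ''), $post['password'] ?? '');
    if ($user === null) {
        return false; // nothing is written to the session on failure
    }
    $session['username'] = $user['username'];
    $session['level']    = $user['level'];
    return true;
}

function may_view(array $session, array $allowedLevels): bool
{
    return isset($session['username'], $session['level'])
        && in_array($session['level'], $allowedLevels, true);
}

// Constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT, level TEXT)');
$pdo->prepare('INSERT INTO users VALUES (?, ?, ?)')
    ->execute(['brad', password_hash('correct horse', PASSWORD_DEFAULT), 'admin']);

$session = [];
// Constructed input with SQL metacharacters: bound as data, so it matches no row.
var_dump(login_user($pdo, ['username' => "brad' OR '1'='1", 'password' => 'x'], $session));
var_dump(login_user($pdo, ['username' => 'brad', 'password' => 'wrong'], $session));
var_dump(login_user($pdo, ['username' => 'brad', 'password' => 'correct horse'], $session));
var_dump(may_view($session, ['admin']), may_view($session, ['editor']));
```

In a real page, pass `$_POST` and `$_SESSION` after `session_start()`, call `session_regenerate_id(true)` once the login succeeds, and `exit()` after any `header('Location: ...')` redirect when `may_view()` returns false.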