www.webdeveloper.com
Results 1 to 7 of 7

Thread: Stopping Just Anyone From Viewing Pages

  1. #1
    Join Date
    May 2003
    Location
    Australia
    Posts
    368

    Stopping Just Anyone From Viewing Pages

    Hi all,

    Ok well I set up a username/password scenario and was able to get it to work and the add the header to the main.php page, which loaded if the user/pass is correct. But then I realised I can access any of the pages just by typing in the link directly... What do I need to add, so that if people link to the page they need to login first...???

  2. #2
    Join Date
    Mar 2007
    Posts
    3
    If there is just one person logging in, use a .htaccess to setup who can access it. Otherwise, just create a file called "check.php" and make that check to see if the person has privilege to access the page. If they don't do a header to another page.

  3. #3
    Join Date
    Jan 2005
    Location
    Alicante (Spain)
    Posts
    7,739
    Very basic! In each file add something like:
    PHP Code:
    require_once($_SERVER['DOCUMENT_ROOT'].'/../templates/functions.php');  // path to your user functions
    AccessControlled(); 
    In that file there is a function that looks something like:
    PHP Code:
    function AccessControlled()
    {
        
    session_start();
        if(!((isset(
    $_SESSION['logged_in'])) and ($_SESSION['logged_in'] === true) and (isset($_SESSION['id'])) and (is_numeric($_SESSION['id']))))
        {
            
    $_SESSION['referer'] = $_SERVER['REQUEST_URI'];
            die(
    header('Location: http://'.$_SERVER['HTTP_HOST'].str_replace(basename($_SERVER['PHP_SELF']), ''$_SERVER['PHP_SELF']).'login.php'));
        }

    Obviously the exact details depend on your loggin system.

  4. #4
    Join Date
    May 2003
    Location
    Australia
    Posts
    368
    Cool thanks heaps! I have opendb.php and configure.php on top of all my pages could I add it into configure.php?

  5. #5
    Join Date
    May 2003
    Location
    Australia
    Posts
    368
    Quote Originally Posted by bokeh
    Very basic! In each file add something like:
    PHP Code:
    require_once($_SERVER['DOCUMENT_ROOT'].'/../templates/functions.php');  // path to your user functions
    AccessControlled(); 
    In that file there is a function that looks something like:
    PHP Code:
    function AccessControlled()
    {
        
    session_start();
        if(!((isset(
    $_SESSION['logged_in'])) and ($_SESSION['logged_in'] === true) and (isset($_SESSION['id'])) and (is_numeric($_SESSION['id']))))
        {
            
    $_SESSION['referer'] = $_SERVER['REQUEST_URI'];
            die(
    header('Location: http://'.$_SERVER['HTTP_HOST'].str_replace(basename($_SERVER['PHP_SELF']), ''$_SERVER['PHP_SELF']).'login.php'));
        }

    Obviously the exact details depend on your loggin system.
    Actually it worked once and took me to the main.php page when I clicked a link I had to login again, and now I can't actually login. It's not telling me the username/password are wrong it's just taking me back to the login page... Any ideaS?
    Last edited by tomyknoker; 03-13-2007 at 04:22 PM.

  6. #6
    Join Date
    Jan 2005
    Location
    Alicante (Spain)
    Posts
    7,739

  7. #7
    Join Date
    May 2003
    Location
    Australia
    Posts
    368
    This is my original login page
    <?php
    // we must never forget to start the session
    session_start();

    $errorMessage = '';
    if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
    include 'library/config.php';
    include 'library/opendb.php';

    $userId = $_POST['txtUserId'];
    $password = $_POST['txtPassword'];

    // check if the user id and password combination exist in database

    $result = mysql_query("SELECT * FROM tbladministrators WHERE username='$userId' && PASSWORD = '$password'")or die(mysql_error());

    if (mysql_num_rows($result) == 1) {
    // the user id and password match,
    // set the session
    $_SESSION['db_is_logged_in'] = true;

    // after login we move to the main page
    header('Location: mlist.php');
    exit;
    } else {
    $errorMessage = 'Sorry, wrong user id / password';
    }

    include 'library/closedb.php';
    }
    ?>
    <html>
    <head>
    <title>Club Suntory Administration</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    </head>

    <body>
    <?php
    if ($errorMessage != '') {
    ?>
    <p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
    <?php
    }
    ?>
    <form action="" method="post" name="frmLogin" id="frmLogin">
    <table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
    <tr>
    <td width="150">User Id</td>
    <td><input name="txtUserId" type="text" id="txtUserId"></td>
    </tr>
    <tr>
    <td width="150">Password</td>
    <td><input name="txtPassword" type="password" id="txtPassword"></td>
    </tr>
    <tr>
    <td width="150">&nbsp;</td>
    <td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
    </tr>
    </table>
    </form>
    </body>
    </html>

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles