• hbk

    MemberJul 18, 2008

    Security using session variables

    hey guys.

    i hav this page (a.php), where i ask te user for his username and password. I match these with static values, and upon succesful matching, i redirect the user to b.php.

    my prob-

    what if somebody, instead of going thru the normal procedure (from a.php to b.php after verification), directly types in the url for b.php into the address bar???

    will that not SHATTER my security??

    how can i implement security so that if some1 has not signed in (on a.php) and directly enters the url of b.php, he is

    1. sent back to (a.php)
    2. nothing is displayed on b.php

    pls. help

    thanks a lot.
Howdy guest!
Dear guest, you must be logged-in to participate on CrazyEngineers. We would love to have you as a member of our community. Consider creating an account or login.
  • Prasad Ajinkya

    MemberJul 20, 2008

    Hi hbk,

    Obviously, you are on the first step to making a XAMP based web application. Welcome 😀

    A quick and dirty method is to have a authentication mechanism in b.php, which will check for the username and password submitted in form of a.php. Once the user is authenticated, then you can set a session variable userid = <user_id>.

    Now, every page after the authentication takes place, you need to check one thing, <user_id> is present in session or not. If it is, then the user is authenticated, if it isnt, then the user is not authenticated (redirect to login).

    Are you sure? This action cannot be undone.
  • Prasad Ajinkya

    MemberJul 20, 2008

    An addendum, you keep this checking in a file called as the header.php file, and include it in all the files instead of copy-pasting the codelet in each file.
    Are you sure? This action cannot be undone.
Home Channels Search Login Register