Basic password protection

Hi there, just looking for a bit of advice

Basically I have my website located

http://micholden.site50.net/

As you can see it's pretty basic but I'm learning

Anyway when you click on NUFC SHOP or

http://micholden.site50.net/shopaccess.html

You are required to log in (try ocuk and ocuk for user and passwords)

Works fine

BUT if you know the filepath you can bypass security

Example

http://micholden.site50.net/account.php

How do I go about making sure the account.php page is only viewable if you have logged in?

So far I have a very basic PHP script that looks at the login info provided, then looks to see if this matches the SQL database and redirects

Cheers for any help
 
I don't know how it's done in PHP as I work in ASP, but what you need to use is sessions.

When the user logs in you need to set a session variable that confirms that the login is valid. Then at the top of each secure page you need to check that the session variable still exists. If it does, all well and good, if not the user should be taken back to the login screen.
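
The session check described in the reply above, sketched in PHP as an added example (not code from the thread). The file name `auth.php`, the function names and the `user` session key are assumptions; `/shopaccess.html` and `account.php` are the pages named in the question.

```php
<?php
// auth.php (hypothetical file name): shared session helpers, included by
// the login script and by every protected page such as account.php.

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        session_set_cookie_params([
            'httponly' => true,   // session cookie not readable from JavaScript
            'samesite' => 'Lax',
            'secure'   => $https, // HTTPS-only cookie when the site is served over HTTPS
        ]);
        session_start();
    }
}

// Call from the login script only after the submitted credentials have been
// matched against the database (that check is the site's existing script).
function mark_logged_in(string $username): void
{
    start_secure_session();
    session_regenerate_id(true);   // fresh session ID at login, prevents fixation
    $_SESSION['user'] = $username; // 'user' is an assumed key name
}

// Call at the very top of each protected page, before any output is sent.
function require_login(string $loginPage = '/shopaccess.html'): string
{
    start_secure_session();
    if (empty($_SESSION['user'])) {
        header('Location: ' . $loginPage, true, 302);
        exit; // stop here: without this the protected page body is still sent
    }
    return $_SESSION['user'];
}

// Top of account.php:
//   require __DIR__ . '/auth.php';
//   $user = require_login();
```

The `exit` after the redirect header matters: a client that ignores the `Location` header would otherwise still receive the protected page.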
 
cheers, just discovered this and I am investigating

Will no doubt report back later, have something to go on now though :D
 