[SOLVED] Seriously!? How do you make secure pages, secure?


DamienRoche

I have been using a simple method for protecting secure pages on my website.

I have a login screen... The user logs in.

The credentials are checked... but using PHP on the secure page.

If the credentials are wrong or incorrect, I simply show one div and hide the page using CSS.

Thing is, I can't suss out how to secure this. You can disable CSS, you can disable JavaScript. The only thing you can't disable is PHP. So how would I secure this with PHP?

I've tried using header(); but I can't use it in an if statement.

Has anyone got any advice on how I should secure this? Thanks.

I don't know..? It just says that the header has already been set... I read you can only use a redirect before any HTML. This was within a PHP if statement in the body tag.

My PHP skills are dreadful. I have sussed it anyway. So for anyone else having trouble...

My problem was that I was not merging the HTML with the PHP.

Here's how it should have been done:

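<?php
// check credentials (placeholder: set $credentialsOk from your own login check)
$credentialsOk = false;

// if correct... continue
if ($credentialsOk) {
    // do stuff

    // do not close the if statement yet
?>
<html>
<body>

secure content here.

</body>
</html>
<?php
    // end the if statement from before the HTML
} else {
    echo 'wrong login info';
}
?>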

I'm stupid, I know. That's probably rough around the edges and it's possibly the simplest thing you can do with PHP... sad.

Thanks for helping me out anyway.


Yes. Header can only be set before any HTML is output, so you should check credentials at the very top of your page and use

header("Location: http://myhost/notlogged.html");

Better yet, create a separate script that you will include at the top of every page, which will check if the user is logged in and redirect him to the proper page if he/she isn't.

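<?php
require_once('secure.php');

//rest of your script
?>

<?php
/** secure.php */
/* That's just a very simplified example; $loggedIn must be set by your login check */
if (!$loggedIn) {
    header("Location: http://myhost/notlogged.html");
    exit; // stop here so the rest of the protected page is never sent
}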

Separating PHP from HTML isn't bad. In fact, you should try to do it.
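The guard script suggested in the answer above, written out as an added example that is not part of the original thread. It assumes a login script that stores the user's id in `$_SESSION['user_id']` and a login page at `/login.php`; both names are hypothetical.

```php
<?php
// secure.php (added example): include at the very top of every protected page,
// before any HTML or whitespace is output.
declare(strict_types=1);

// Assumptions: the login script sets $_SESSION['user_id'] after a successful
// password check, and /login.php is the login page. Both names are hypothetical.
const LOGIN_URL = '/login.php';

function is_logged_in(array $session): bool
{
    return !empty($session['user_id']);
}

function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // HttpOnly keeps the session cookie away from page scripts; strict mode
        // makes PHP reject session ids it did not issue.
        session_start(['cookie_httponly' => true, 'use_strict_mode' => true]);
    }
    if (is_logged_in($_SESSION ?? [])) {
        return; // authenticated: the including page carries on and renders
    }
    if (headers_sent($file, $line)) {
        // Output has already started, so header() would only raise the
        // "headers already sent" warning. Fail closed instead of rendering.
        error_log("secure.php included after output started at $file:$line");
        exit('Access denied.');
    }
    header('Location: ' . LOGIN_URL, true, 302);
    // exit is what enforces the check: header() only adds a response header,
    // and without exit the protected HTML below would still be sent.
    exit;
}

require_login();
// No closing PHP tag, so stray whitespace after it cannot start output early.
```

A protected page then begins with `<?php require_once __DIR__ . '/secure.php'; ?>` on its first line, and its HTML needs no surrounding if/else.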

Archived

This topic is now archived and is closed to further replies.
