
[SOLVED] Seriously!? How do you make secure pages, secure?



I have been using a simple method for protecting secure pages on my website.

 

I have a login screen.....The user logs in.

The credentials are checked....but using php on the secure page.

If the credentials are wrong or incorrect, I simply show one div and hide the page using css.

 

Thing is, I can't suss out how to secure this. You can disable css, you can disable javascript. The only thing you can't disable is php. So how would I secure this with php?

 

I've tried using header(); but I can't use it in an if statement.

 

Has anyone got any advice on how I should secure this? Thanks.

I don't know..? It just says that the header has already been set. I read you can only use a redirect before any HTML. This was within a php if statement in the body tag.

 

My php skills are dreadful. I have sussed it anyway. So for anyone else having trouble..

 

My problem was that I was not merging the html with the php.

 

Here's how it should have been done:

 

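<?php

// check credentials
$credentialsOk = false; // placeholder: set this from your own credential check

// if correct...continue
if ($credentialsOk) {
    // do stuff

// do not close the if statement here

?>

<html>
<body>

secure content here.

</body>
</html>

<?php

// end the if statement from before the HTML

} else {
    echo 'wrong login info';
}

?>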

 

I'm stupid, I know. That's probably rough around the edges and it's possibly the simplest thing you can do with php...sad.

 

Thanks for helping me out anyway.

 


Yes. Header can only be set before any HTML is out, so you should check credentials at the very top of your page and use

header("Location: http://myhost/notlogged.html");

 

Better yet, create a separate script that you will include at the top of every page, which will check if the user is logged in and redirect him to the proper page if he/she isn't.

 

<?php
// must be the first thing in the file, before any HTML or whitespace
require_once('secure.php');

//rest of your script
?>

 

<?php
/** secure.php */
/* That's just a very simplified example */
if (!$loggedIn) {
    header("Location: http://myhost/notlogged.html");
    exit; // stop here so the rest of the protected page is never sent
}

 

 

Separating php from html isn't bad. In fact you should try to do it.
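
A version of the include-at-the-top approach from the reply above, written out as an added example (not code from the thread): the login state lives in the PHP session rather than in CSS or JavaScript, and the guard exits whether or not the redirect header could still be sent. The file name auth.php, the user_id session key and the function names are assumptions.

```php
<?php
// auth.php -- added example, not code from the thread.
// Assumed names: the 'user_id' session key, login_user() and require_login().

const NOT_LOGGED_URL = 'http://myhost/notlogged.html'; // redirect target used in the thread

function start_session_once(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start(); // sends a cookie header, so call before any output
    }
}

// The login form handler calls this with the hash stored for the account.
function login_user(string $userId, string $password, string $storedHash): bool
{
    start_session_once();
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    session_regenerate_id(true);     // fresh session id once the user is authenticated
    $_SESSION['user_id'] = $userId;  // kept on the server; the browser only holds the session id
    return true;
}

// Protected pages call this first. It returns only for a logged-in visitor.
function require_login(): void
{
    start_session_once();
    if (isset($_SESSION['user_id']) && $_SESSION['user_id'] !== '') {
        return;
    }
    if (!headers_sent()) {
        header('Location: ' . NOT_LOGGED_URL);
    }
    // Stop even when the redirect could not be sent (output already started),
    // so the protected HTML is never written to the response.
    exit;
}

// Usage at the very top of a protected page, before <html> or any whitespace:
//   require_once 'auth.php';
//   require_login();
```

Because the script exits before any protected markup is produced, disabling CSS or JavaScript in the browser reveals nothing.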
