DamienRoche Posted August 19, 2008 Share Posted August 19, 2008 I have been using a simple method for protecting secure pages on my website. I have a login screen.....The user logs in. The credentials are checked....but using php on the secure page. If the credentials are wrong or incorrect, I simply show one div and hide the page using css. Thing is, I can't suss out how to secure this. You can disable css, you can disable javascript. The only thing you can't disable is php. So how would I secure this with php? I've tried user header(); but I can't use it in an if statement. Has anyone got any advice on how I should secure this? Thanks. Quote Link to comment Share on other sites More sharing options...
Mchl Posted August 19, 2008 Share Posted August 19, 2008 Redirect to empty page I've tried user header(); but I can't use it in an if statement. Why? Quote Link to comment Share on other sites More sharing options...
DamienRoche Posted August 19, 2008 Author Share Posted August 19, 2008 I don't know..? it just says that the header has already been set..I read you can only use a redirect before any HTML. This was within a php if statement in the body tag. My php skills are dreadful. I have sussed it any way. So for anyone else having trouble.. My problem was that I was not merging the html with the php. Here's how it should of been done: <?php //check credentials //if correct...continue if (){ do stuff; //do not close if statement ?> <html> <body> secure content here. </body> </html> <?php //end the if statement from before the HTML } else { wrong login info } ?> I'm stupid, I know. That's probably rough around the edges and it's possibly the simplest thing you can do with php...sad. Thanks for helping me out any way. Quote Link to comment Share on other sites More sharing options...
Lamez Posted August 19, 2008 Share Posted August 19, 2008 you could use exit, it will stop loading the rest of the page, so you will want it at the top <?php if (wrong info){ echo "Wrong Information"; exit; }else{ echo "Welcome!"; } ?> Quote Link to comment Share on other sites More sharing options...
Mchl Posted August 19, 2008 Share Posted August 19, 2008 I don't know..? it just says that the header has already been set..I read you can only use a redirect before any HTML. This was within a php if statement in the body tag. My php skills are dreadful. I have sussed it any way. So for anyone else having trouble.. My problem was that I was not merging the html with the php. Here's how it should of been done: Yes. Header can only be set before any HTML is out, so you should check credentials at the very top of your page and use header("Location: http://myhost/notlogged.html"); Better yet, create separate script, that you will include on top of every page which will check if user is logged in, and redirect him to proper page if he/she isn't. <? require_once('secure.php'); //rest of your script ?> <?php /** secure.php */ /* That's just very simplified example */ if(!$loggedIn) header("Location: http://myhost/notlogged.html"); exit; Separating php from html isn't bad. In fact you should try to do it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.