amplexus Posted September 6, 2010 Share Posted September 6, 2010 hi everyone. I'm using some session scripting to allow access to a page only from a page that is password protected.everything works just dandy, except for this... if someone is on the page, and refreshes, it destroys the session. requires the password. that part is okay. if you then enter the password incorrectly, you are bumped not to the original referring page, passlist.php, but to the site index. at that point from the site index, if you type the url into the bar, or use a shortcut, you are allowed passcode free access to the page. the site index is an html page, not PHP, and no session setting or variable passing can occur, right? here's the code on the original page, the one you can only get to through a referring page( at least, should only) <?php session_start(); if(empty($_SESSION['logged'])) { echo "<script>window.location.href='passlist.php'</script>"; } session_unset(); session_destroy(); include("dbinfo.inc.php"); mysql_connect($servname,$dbusername,$dbpassword); @mysql_select_db($database) or die( "Unable to select database"); $query="SELECT * FROM ($newdbname) "; $result=mysql_query($query); $num=mysql_numrows($result); mysql_close(); $i=0; while ($i < $num) { $user_id=mysql_result($result, $i, "user_id"); $username=mysql_result($result,$i,"username"); $password=mysql_result($result,$i,"password"); echo "$username, $password, $user_id"; ?> <form action="updated.php"> <input type="hidden" name="user_id" value="<?php echo "$user_id"; ?>"> Username: <input type="text" name="username" value="<?php echo "$username"?>"><br> Password: <input type="text" name="password" value="<?php echo "$password"?>"><br> <input type="Submit" value="Update" name="submit"> </form> <?php ++$i; } ?> I hope I'm explaining this correctly, I'm baffled. Quote Link to comment Share on other sites More sharing options...
amplexus Posted September 6, 2010 Author Share Posted September 6, 2010 what I think is happening is that the referring page has a fairly simple javascript pass protect script (this isn't government secrets here) and when you don't don't enter the right code, it somehow runs the script without displaying? here's the referring page code, and the javascript as well <head> <SCRIPT language="JavaScript" src="logscript.js"> </SCRIPT> <link href="cathfound.css" rel="stylesheet" type="text/css" /> </HEAD> <?php session_start(); $_SESSION['logged'] = 1; include("dbinfo.inc.php"); mysql_connect($servname,$dbusername,$dbpassword); @mysql_select_db($database) or die( "Unable to select database"); $query="SELECT * FROM ($newdbname)"; $result=mysql_query($query); $num=mysql_numrows($result); mysql_close(); echo "<b><center>Database Output</center></b><br><br>"; ?> <table border="0" cellspacing="2" cellpadding="2"> <tr> <th><font face="Arial, Helvetica, sans-serif">Username</font></th> <th><font face="Arial, Helvetica, sans-serif">Password</font></th> </tr> <? $i=0; while ($i < $num) { $username=mysql_result($result,$i,"username"); $password=mysql_result($result,$i,"password"); ?> <tr> <td><font face="Arial, Helvetica, sans-serif"><? echo "$username"; ?></font></td> <td><font face="Arial, Helvetica, sans-serif"><? echo "$password"; ?></font></td> </tr> <? ++$i; } echo "</table>"; ?> <br/><br/><br/><br/><a href="update.php">Click here to update users</a> java script: var password; var pass1="xxxxxxxxxx"; password=prompt('Please enter your password to view this page!',' '); if (password==pass1) alert('Password Correct! Click OK to enter!'); else { window.location="/index.html"; } Quote Link to comment Share on other sites More sharing options...
amplexus Posted September 6, 2010 Author Share Posted September 6, 2010 I'm pretty sure it's NOT the javascript causing the problem. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.