fredundant, Posted January 21, 2011

Hi there. I created a registration and login script which works fine. However, if the user knows the URL of the page they do not need to log in, which is a huge security flaw on my side.

Here is the login page:

```php
<HTML>
<head><title>Login</title>
<link rel='stylesheet' href='layout.css'>
</head>
<body bgcolor="#fd8ecf">
<center><img src="headerpage.jpg"></center>
<div class="navbar">
  <div class="button"><a href="index.html">Home</a></div>
  <div class="button"><a href="news.html">News</a></div>
  <div class="button"><a href="gallery.html">Gallery</a></div>
  <div class="button"><a href="videos.html">Videos</a></div>
  <div class="button"><a href="contact.html">Contact</a></div>
  <div class="button"><a href="links.html">Links</a></div>
  <div class="button"><a href="msg.html">Message Kaaleigh</a></div>
</div>
<div class="frame">
<frameset cols="25%,75%" noresize="noresize">
<?
session_start(); //initialize session mechanism
if(!isset($_POST['ok'])) {
    // if the form is not completed, display it
    echo"
    <table width='100%'>
    <form method='POST' action='login.php'>
    <tr><td align=center>
    <table>
    <tr><td>
    <table>
    <tr><td>Login:</td><td><input type='text' name='username' size='15'></td></tr>
    <tr><td>Password:</td><td><input type='password' name='password' size='15'></td></tr>
    </table>
    </td></tr>
    <tr><td align=center><input type='submit' name='ok' value='Enter'></td></tr>
    </table>
    </td></tr>
    </form>
    </table>
    ";
}
else{
    //supposed that user data
    //is saved in database, in users table, that includes id, login, pass fields
    $db=mysql_pconnect('******','********') or die(mysql_error());
    mysql_select_db('*******') or die(mysql_error());
    //check if there is a user with such login and password
    $res=mysql_query("SELECT * FROM users WHERE username='".$_POST['username']."' AND password='".$_POST['password']."'", $db);
    if(mysql_num_rows($res)!=1){ //such user doesn't exist
        echo "Incorrect login and password";
    }
    else{ //user is found
        $_SESSION['username']=$_POST['username']; //set login & pass
        $_SESSION['password']=$_POST['password'];
        header("Location: messageboard.php"); // redirect him to messageboard.php
    }
    mysql_close();
}
?>
</body>
</html>
```

And here is the "protected" page:

```php
<?php
session_start();
//this checks to see if the $_SESSION variable has been not set
//or if the $_SESSION variable has been not set to true
//and if one or the other is not set then the user gets
//sent to the login page
if(!isset($_SESSION)){
    header('Location: messageboard.php');
}
?>
HTML Placed here
```

What I want is effectively 2 messageboard.php pages: one for a logged-in user and one which tells a user to log in. What am I missing?

trq, Posted January 22, 2011

The $_SESSION array will be set. You need to check further into the array, e.g.:

```php
if (!isset($_SESSION['username'])) {
    header('Location: messageboard.php');
}
```

fredundant, Posted January 22, 2011

Thank you thorpe. That answered my question brilliantly.

One more thing. How do I redirect the user to another page that says you need to be logged in to access the message board? Let's call this page notlogged.html.

As far as I was aware, my users who are not logged in should have been sent back to the login page.

trq, Posted January 22, 2011

You use the header functions to set a Location header to do a redirect.

fredundant, Posted January 22, 2011

Of course. When trying to go to messageboard without being logged in, it timed out as it would redirect back to messageboard and loop round. Didn't realise I had the header set back to messageboard. Thank you for your help.

PFMaBiSmAd, Posted January 22, 2011

In the code you posted above to protect access to a page, you must put an exit; statement in your code after the header(); statement in order to prevent the remainder of the code on your 'protected' page from being executed while the browser performs the redirect, OR you need to put the remainder of the code on the page inside of an else{} statement that you add to that if(){} statement.

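
Added example (not part of the original thread or any poster's code): a guard for the protected page that combines the replies above, checking the `username` session key and stopping the script after the redirect. The file name `auth_guard.php` and the function `login_redirect_target()` are hypothetical; `notlogged.html` is the page name proposed in the thread.

```php
<?php
// auth_guard.php (hypothetical file name): include this at the very top of
// messageboard.php, before any HTML, so headers can still be sent.
session_start();

/**
 * Decide where a visitor without a login must be sent.
 * Returns null when the session carries the username that login.php
 * stores after a successful login.
 */
function login_redirect_target($session)
{
    // $_SESSION always exists once session_start() has run, so testing
    // isset($_SESSION) never fails. The key written on login is what
    // distinguishes a logged-in visitor from anyone who knows the URL.
    if (isset($session['username']) && $session['username'] !== '') {
        return null;
    }
    // Must be a page that does NOT include this guard; pointing it at the
    // protected page itself produces the redirect loop seen in the thread.
    return 'notlogged.html';
}

$target = login_redirect_target($_SESSION);
if ($target !== null) {
    header('Location: ' . $target);
    // header() only queues a response header. Without exit the rest of the
    // protected page still executes and its output is sent in the response
    // body, where any client that does not follow the redirect can read it.
    exit;
}

// Execution reaches this point only for a logged-in visitor.
// In messageboard.php (constructed usage):
//   <?php require 'auth_guard.php'; ?>
//   ... message board HTML ...
```

The same `exit;` belongs after the `header("Location: messageboard.php");` call in the login script, since the closing HTML is otherwise still emitted after the redirect header.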