Jump to content

Preventing direct access to php pages


dc909

Recommended Posts

Hello everyone. I am NOT a programmer and have very limited knowledge of PHP. I found the information on one of the thread somewhat useful, well it worked once, but it's not working!!

I purchased a custom coded php website and I wanted to make it a "members only" website, so I looked around and found the WYSIWYG web builder, that helped me create a log in page, a sign up page etc. My login page is named "default.php", and if the username and password is correct it takes you to "index.php", which is the main page of the actual website. I want to make sure that no one can access "index.php" or any other page without first going through the log in page "default.php".

 

I tried the solution you presented in one the forums and it worked,

 

I put this code in "default.php":

 

$_SESSION['can_access'] = true;

 

and this code in "index.php"

 

session_start();

// kill the page if the access variable doesn't exists
//            or if the access variable does exist but is not set to true
if(!isset($_SESSION['can_access']) || (isset($_SESSION['can_access']) && $_SESSION['can_access'] !== true))
{
   die('You cannot directly access this page!'); // kill the page display error
}

 

The first time it worked, I logged in and went to the index page, and I was not able to go directly to "index.php" if I typed it into my browser! woohooo !!

but after that first time, I get the error message every time I log in, and I can't get to "index.php" .Any ideas about what I'm missing here? Please remember I'm new to all this. I can copy and paste whatever code you provide, and see if it works, that's about it.

Link to comment
Share on other sites

I added this code to top of "index.php" :

 

session_start();

 

and now it works. I can log in, and I can't access "index.php" directly. But I can still access other pages of the website directly. I'm so close. I hope someone can help. Thank you in advance.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.