Jump to content

Archived

This topic is now archived and is closed to further replies.

luilloxp

To restrict access to web pages

Recommended Posts

Hi guy's!!

 

I'm a rookie in php and I'm working in an application.

 

Why the security application that I maded, it's perfect locally in my pc and in the server don't function?

 

I have 4 files,

 

1. login.php (a php page that contain an html form)

2. logincontrol.php (a php file that join me to the mysql database and that compare the data introduced in the html form with the database.)

 

3. security.php (a php file that is a part of a security layer)

 

4. SolicitudJumpPage.php (a php web page that have a list box that send to me to the desired htm web page)

 

That's supose that if I try to access to the SolicitudJumpPage.php directly in the address bar, without pass to the login page, the web browser automatically send to me to the login page.

 

This example is working good locally in my pc, but when i run this example in the server, after make login in the login screen, the next page that the web browser show me is the login page again.

 

Please, someone can help me

Share this post


Link to post
Share on other sites

Sounds like you need some error trapping, echo some of the passed variables out to the screen or add them to the redirect url for instance my initial thought to your problem is that the sql lookup isnt working on your server so if you were to add ?formuser="andy"&sqluser="" by appending the variables to the form action or the resulting redirect string you could tell if one wasnt present.

 

Also think about building the code into 1 file by using functions, test the input string to see if it has any variables attached if it dosnt call the form function but if it does use the username lookup function and so on.

 

Also dont forget to rename your html files to php files and add a security header to them.

 

Some other thoughts while writing this, ou may be requiring globals look here:

 

[a href=\"http://uk2.php.net/register_globals\" target=\"_blank\"]http://uk2.php.net/register_globals[/a]

 

Also how are you doing the check to see where the request is comming from as Windows has some issues with the common variables i.e.

 

$_SERVER['SCRIPT_NAME'] does not seem to work and you need to replace it with $_SERVER['SCRIPT_FILENAME']

 

Some of the file paths like PHP_SELF have the / swapped for windows \ (XPSP2 so I am told) once again echo them out and check them.

 

Here are some good examples:

 

[a href=\"http://uk.php.net/manual/en/language.variables.external.php\" target=\"_blank\"]http://uk.php.net/manual/en/language.variables.external.php[/a]

 

Hope this is of some help and good luck.

 

Clint Gaskin

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.