severndigital
Posted March 23, 2007

I am getting ready to redesign an existing site. I am starting from the ground up and only taking limited code from the original site.

My question is simple: should I focus on securing the site first, or secure it after it is developed and working?

The site will be running in HTTPS.

Any input would be great.

Thanks,
Chris

tauchai83
Posted March 23, 2007

The way you ask sounds a little bit funny. Which one goes first? Security code doesn't take a long time to write, though. There are several ways, actually. The simplest way: first, make sure all your files have the .php extension, NOT HTML anymore. Secondly, the easiest way: you check whether the user is logged in and the level of his access, or else no permission is granted to access your system. For login, include this at the top of every page:

```php
<?php
session_start();
// $HTTP_SESSION_VARS and session_is_registered() were removed in PHP 5.4; $_SESSION replaces both.
if (isset($_SESSION['userid'])) {
    $userid = $_SESSION['userid'];
    // blah blah blah.........
}
?>
```

jguy
Posted March 23, 2007

I agree with tauchai83. I actually develop the session user checks in a separate file, outside of my web root or in some include directory, that contains the code that checks if a user is logged in. I usually call the file "sescheck.php". When I start new pages, I just include it at the beginning of the PHP file. Something like this (sescheck.php):

```php
<?php
// Start user session
session_start();

// Build the error page first so it is defined before the check below uses it
$ER_LOGINMSG = "<html><head><title>Login Error</title>";
$ER_LOGINMSG .= "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">";
$ER_LOGINMSG .= "<link href=\"../styles.css\" rel=\"stylesheet\" type=\"text/css\"></head>";
$ER_LOGINMSG .= "<body><br /><br /><br /><div class=\"centered\">
<table class=\"centered-table\"><tr><td>
<div class=\"er_back\"><div class=\"er_section\">
<p class=\"er_login\">Login Error:</p>
An error has occurred. It may be that you have not logged in,<br />or that your session has expired.
Please try <a href=\"../login.php\">logging in</a> again or<br />
contact the <a href=\"mailto:me@somewhere.com\"> system administrator</a></div></div></td>
</tr></table></div></body></html>";

/* Check for valid session user */
if (empty($_SESSION['user_name'])) {
    echo $ER_LOGINMSG;
    exit;
}
?>
```

Then in the file itself, I do something like this:

```php
<?php
// include session check
include ('includes/sescheck.php');

// do your stuff below here
?>
```
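
As an added example (not code from any poster in this thread), here is one way to write the shared session-check include discussed above for an HTTPS-only site on PHP 7.3 or later, covering both "is the user logged in" and "does the user have the required level". The session keys `level` and `last_seen`, the 30-minute idle limit, and the `/login.php` path are assumptions.

```php
<?php
// sescheck.php -- added example, not code from the thread.
// Assumed (hypothetical) session keys: 'userid', 'level', 'last_seen'.
declare(strict_types=1);
const IDLE_LIMIT = 1800; // assumed idle timeout in seconds

// Pure decision so it can be exercised without a browser.
function session_decision(array $s, int $now, int $minLevel): string
{
    if (empty($s['userid'])) {
        return 'login';                       // never authenticated
    }
    if ($now - (int)($s['last_seen'] ?? 0) > IDLE_LIMIT) {
        return 'login';                       // session went stale
    }
    if ((int)($s['level'] ?? 0) < $minLevel) {
        return 'forbidden';                   // logged in, too little privilege
    }
    return 'ok';
}

function require_login(int $minLevel = 0): void
{
    // Site is HTTPS-only: keep the cookie off plain HTTP and away from scripts.
    session_set_cookie_params([
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax', 'path' => '/',
    ]);
    session_start();
    $verdict = session_decision($_SESSION, time(), $minLevel);
    if ($verdict === 'login') {
        $_SESSION = [];
        session_destroy();
        header('Location: /login.php', true, 302);
        exit;                                  // stop before page code runs
    }
    if ($verdict === 'forbidden') {
        http_response_code(403);
        exit('Forbidden');
    }
    $_SESSION['last_seen'] = time();
}

// Constructed sample sessions, run from the CLI: php sescheck.php
if (PHP_SAPI === 'cli' && realpath($argv[0] ?? '') === __FILE__) {
    $now = 1000000;
    foreach ([[], ['userid' => 7, 'level' => 1, 'last_seen' => $now - 60],
              ['userid' => 7, 'level' => 1, 'last_seen' => $now - 7200]] as $s) {
        echo json_encode($s), ' => ', session_decision($s, $now, 2), PHP_EOL;
    }
}
```

A protected page calls `require 'sescheck.php'; require_login(2);` before sending any output. The login handler that sets `userid` should call `session_regenerate_id(true)` at that moment so a pre-login session ID is not carried into the authenticated session.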