
adding security to a new site


severndigital


I am getting ready to redesign an existing site. I am starting from the ground up and only taking limited code from the original site.

My question is simple.

Should I focus on securing the site first, or secure it after it is developed and working?

The site will be running in https.

Any input would be great.

Thanks,

chris


The way you ask sounds a little bit funny. Which one goes first?

Security code doesn't need a long time to write, though.

There are several ways, actually. The simplest way: first, make sure all your files have the .php extension, NOT HTML anymore.

Secondly, the easiest way: you check whether the user is logged in and his level of access, or else no permission is granted to access your system.

For login, include it at the top of every page:

<?php
session_start();

// $_SESSION replaces $HTTP_SESSION_VARS and session_is_registered(),
// both of which were removed in PHP 5.4
if (isset($_SESSION['userid']))
{
    $userid = $_SESSION['userid'];

    // blah blah blah......... (page code for a logged-in user)
}
?>


I agree with tauchai83. I actually develop the session user checks in a separate file outside of my web root or in some include directory that contains the code that checks if a user is logged in. I usually call the file "sescheck.php". When I start new pages, I just include it at the beginning of the PHP file.

Something like this (sescheck.php):

<?php
//Start User Session
session_start();

//Build the error page first so it is defined before the check below echoes it
$ER_LOGINMSG = "<html><head><title>Login Error</title>";
$ER_LOGINMSG .= "<meta http-equiv=\"Content-Type\" content=\"text/html;
                 charset=iso-8859-1\">";
$ER_LOGINMSG .= "<link href=\"../styles.css\" rel=\"stylesheet\"
                 type=\"text/css\"></head>";
$ER_LOGINMSG .= "<body><br /><br /><br /><div class=\"centered\">
                 <table class=\"centered-table\"><tr><td>
                 <div class=\"er_back\"><div class=\"er_section\">
                 <p class=\"er_login\">Login Error:</p>
                 An error has occurred. It may be that
                 you have not logged in,<br />or that your session has
                 expired. Please try <a href=\"../login.php\">logging in</a> again
                 or<br /> contact the <a href=\"mailto:me@somewhere.com\">
                 system administrator</a></div></div></td>
                 </tr></table></div></body></html>";

/*
  Check for valid session user
*/
if (empty($_SESSION['user_name'])) {
    echo $ER_LOGINMSG;
    exit;
}
?>

Then in the file itself, I do something like this:

<?php
//include session check
include ('includes/sescheck.php');

//do your stuff below here
?>

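A hardened variant of the include-file session check described in the posts above, as an added example that is not part of the original thread. It also covers the access-level check the first reply mentions. The function names, the `access_level` and `last_seen` session keys, the 30-minute idle limit and the numeric levels are assumptions; `user_name` is the key used in the post.

```php
<?php
// sescheck.php: added example, not code from the thread. Needs PHP 7.3+.
// Assumed session keys: 'user_name' (as in the post), 'access_level', 'last_seen'.
const IDLE_LIMIT = 1800; // assumed idle timeout in seconds (30 minutes)

function start_secure_session(): void
{
    // The site runs over HTTPS, so keep the cookie TLS-only and out of reach of scripts.
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    ini_set('session.use_strict_mode', '1'); // reject session IDs the server never issued
    session_start();
}

function deny(int $status, string $message): void
{
    http_response_code($status);
    header('Content-Type: text/plain; charset=utf-8');
    echo $message;
    exit; // stop here so the protected page below the include never runs
}

function require_login(int $minLevel = 0): void
{
    start_secure_session();

    $idle = time() - (int) ($_SESSION['last_seen'] ?? 0);
    if (empty($_SESSION['user_name']) || $idle > IDLE_LIMIT) {
        $_SESSION = [];
        session_destroy();
        deny(401, 'Not logged in, or your session expired. Please log in again.');
    }
    if ((int) ($_SESSION['access_level'] ?? 0) < $minLevel) {
        deny(403, 'Your account is not permitted to view this page.');
    }
    $_SESSION['last_seen'] = time(); // slide the idle window on each authorised request
}

// Usage at the top of a protected page (level 5 is a hypothetical admin level):
//   require __DIR__ . '/includes/sescheck.php';
//   require_login(5);
```

The login script has to set the three session keys after authenticating, and should call `session_regenerate_id(true)` at that point so a pre-login session ID cannot be reused.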
