Jump to content

access a secure page by changing the url


Mr P!nk

Recommended Posts

how can i stop people getting into a secure logged in page by just typing

www.somesite.co.uk/admin/index.php.

 

theres a login set up, but i can bypass it by just entering the url location, this is a major security issue that i need to solve relatively quickly before i publish the pages.

 

what i need/want is if someone isn't logged in it just goes to a page saying "you must be logged in to access this page" then prompts them to login.php.

 

 

thanks

 

 

Link to comment
https://forums.phpfreaks.com/topic/70458-access-a-secure-page-by-changing-the-url/
Share on other sites

Yes, you will need to register a session after the user logs in

 

This is a function that checks if a user is authed

function is_authed_user()
{
     // Check if the encrypted username is the same
     // as the unencrypted one, if it is, it hasn't been changed
     if (isset($_SESSION['username']))
     {
          return true;
     }
     else
     {
          return false;
     }
}

 

On the page where you want to secure use something like this

<?php

    if (!is_authed_user()) 
    {
print ('You need to login to view this page, <a href="/login">click here</a> to login.');
include('login.php');
    }
    else
    {
            print('You ARE allowed to view this page
    }
?>

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.