access a secure page by changing the url

[Mr P!nk]

how can i stop people getting into a secure logged in page by just typing

www.somesite.co.uk/admin/index.php.

 

theres a login set up, but i can bypass it by just entering the url location, this is a major security issue that i need to solve relatively quickly before i publish the pages.

 

what i need/want is if someone isn't logged in it just goes to a page saying "you must be logged in to access this page" then prompts them to login.php.

 

 

thanks

 

 

[Jessica]

Make a function which checks if they are logged in or not, and call it on every page.

[Mr P!nk]

would that be with using sessions?

 

 

thanks

[AdRock]

Yes, you will need to register a session after the user logs in

 

This is a function that checks if a user is authed

function is_authed_user()
{
     // Check if the encrypted username is the same
     // as the unencrypted one, if it is, it hasn't been changed
     if (isset($_SESSION['username']))
     {
          return true;
     }
     else
     {
          return false;
     }
}

 

On the page where you want to secure use something like this

<?php

    if (!is_authed_user()) 
    {
print ('You need to login to view this page, <a href="/login">click here</a> to login.');
include('login.php');
    }
    else
    {
            print('You ARE allowed to view this page
    }
?>

[Mr P!nk]

thanks, ill go try this now, and let you know how it goes

 

cheers for you help

[Mr P!nk]

hmm its not working for me,

it just lets me go to the page, but this time it has the login page at the top,

its the same for both a user and a guest.

 

thanks

P!nk