SirChick Posted December 3, 2007 Share Posted December 3, 2007 I have a question about headers... If i use headers to prevent people doing something they should not be on a site for simple example: if user's level is below 10 header to "test.php" Can that level 10 some how stop the header from occur using a program or just some other clever way ? Because I have been using headers to redirect users away from pages they should not be on... is this the best secure way? Quote Link to comment Share on other sites More sharing options...
phpSensei Posted December 3, 2007 Share Posted December 3, 2007 I have a question about headers... If i use headers to prevent people doing something they should not be on a site for simple example: if user's level is below 10 header to "test.php" Can that level 10 some how stop the header from occur using a program or just some other clever way ? Because I have been using headers to redirect users away from pages they should not be on... is this the best secure way? That, or just use a die() statement. Quote Link to comment Share on other sites More sharing options...
SirChick Posted December 3, 2007 Author Share Posted December 3, 2007 well die would make the user go to a white screen.. which is slightly unprofessional. But can hackers stop headers from happening on their browsers? Quote Link to comment Share on other sites More sharing options...
phpSensei Posted December 3, 2007 Share Posted December 3, 2007 well die would make the user go to a white screen.. which is slightly unprofessional. But can hackers stop headers from happening on their browsers? die(" ALL THE HTML, AND SEXY LAYOUT ERROR STUFF YOU WANT IN HERE TO SHOW THE MEMBER" ); Quote Link to comment Share on other sites More sharing options...
revraz Posted December 3, 2007 Share Posted December 3, 2007 Even if they do stop the headers, they will just be sitting there with a stopped browser. As long as each one of your secured page checks access each time it loads, it shouldnt be a problem. Quote Link to comment Share on other sites More sharing options...
SirChick Posted December 3, 2007 Author Share Posted December 3, 2007 well die would make the user go to a white screen.. which is slightly unprofessional. But can hackers stop headers from happening on their browsers? die(" ALL THE HTML, AND SEXY LAYOUT ERROR STUFF YOU WANT IN HERE TO SHOW THE MEMBER" ); to repeat the html over and over for each error would make my scripts over 1000 lines long on average given the amount of error checks it does... possibly not a logical method. Revraz.... thanks for info, i hope your right hehe! Quote Link to comment Share on other sites More sharing options...
phpSensei Posted December 3, 2007 Share Posted December 3, 2007 well die would make the user go to a white screen.. which is slightly unprofessional. But can hackers stop headers from happening on their browsers? die(" ALL THE HTML, AND SEXY LAYOUT ERROR STUFF YOU WANT IN HERE TO SHOW THE MEMBER" ); to repeat the html over and over for each error would make my scripts over 1000 lines long on average given the amount of error checks it does... possibly not a logical method. Revraz.... thanks for info, i hope your right hehe! What? <?php if($level == 10){ die("Sorry, you cant access this page"); } //// THE REST Of YOUR SITE ?> It was 3 lines of code. Quote Link to comment Share on other sites More sharing options...
trq Posted December 3, 2007 Share Posted December 3, 2007 phpSensei, allot of people would rather there site like more professional then a blank page with a single line message. Quote Link to comment Share on other sites More sharing options...
phpSensei Posted December 3, 2007 Share Posted December 3, 2007 phpSensei, allot of people would rather there site like more professional then a blank page with a single line message. Yes but couldnt you just make a function with the nice professional layout function show_error(){ $error = // html echo $error; } and then do die(show_error()); and still have a nice little message and still leaving you with your layout? Quote Link to comment Share on other sites More sharing options...
SirChick Posted December 3, 2007 Author Share Posted December 3, 2007 If you have: Die(" message here") ; the script completely dies except that line thus you get a white screen and just the rest of the script does not execute from that point. Die is good for error checking more than anything.. Message here Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.