[SOLVED] Hiding <HREF>

[aztec]

Hello

 

Part of my login system is that when a user wishes to login they are directed to a "protected" page that checks to see if they are logged in and if not launches a login page, the login is based on setting a session and works satisfactory.

 

My concern is that although the page is a combination of PHP, CSS and HTML the visitor, should they wish can look at the source code and see the remaining HTML and the calling page hfef.

 

Whilst the calling page is "protected" by showing the calling page it would give someone intent on penetrating the members area a page reference to work on at their leiasure.

 

My question is can this be hidden in the source code.

 

<a href ="membersonly.php"> Login Page</a> 

 

Kind Regards

[revraz]

Even though they can see it, it really shouldn't matter if the page itself is checking a session.  If the session doesn't exist, you should use a header to take them away, so they never see the source of that page.

[aztec]

Hello

 

Thanks REVAZ

 

You obviously don't think that there is a security problem then.

 

Regarding using a header to take them away, this is new territory for me so two questions,

 

a) do I need to use htaccess for this

b) would you point me in the right direction

 

Regards

[PHP Monkeh]

The code for re-direction using header is :

 

<?php

header("Location: page.php");

?>

 

Just incase you don't know, you must use header() before anything is output to the browser (even things such as <html>, <body> etc).

[aztec]

Hello

 

Thanks for your response I had read that but for some reason I thought it was more complicated and involved the use of htaccess.

 

Thanks again for putting me straight.

 

Regards

[Lumio]

Don't forget to add exit; after header('Location: ');

Or the source may get send