networkthis Posted March 5, 2008 Share Posted March 5, 2008 I have a registration page, login page, and file browser which all are using sessions to store information without a database. The only problem I am currently running into is as follows...no matter what the username/password combo is for user1 I can simply change the path of the url and automatically be passed into any other users file browser. I currently have each filebrowser script simply set to checkUser which is a fuction to validate a current username and password in a set text file. Each user has a seperate file allowing them access to only their files in their folder viewable through the filebrowser- unless they type a different url in. Example... (user1 can simply type user2) http://www.example.com/user1/filebrowser.php -- User 1 Files http://www.example.com/user2/filebrowser.php -- User 2 Files http://www.example.com/user3/filebrowser.php -- User 3 Files Any ideas for how to fix this easily? I have spent a lot of time making everything work without a database securely and would really like to keep it that way. Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted March 5, 2008 Share Posted March 5, 2008 try using parseurl Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.