How to stop direct execution to my page

How to stop direct execution to my page

am 05.09.2007 11:10:47 von upendrajpr

Dear frindes,
I am new to php. in my 'php' code when someone
login into my page he/she awail the necessary page rights, it's quite
ok. but when it click on the page and someone direct copy & paste the
url he also access the page without proper login.
How it could be possible that someone access only after
the login and not direct copy & paste the desired url.

with session & without session.

Thanx in advance.

situ.

Re: How to stop direct execution to my page

am 05.09.2007 11:23:42 von Erwin Moller

upendrajpr@gmail.com wrote:
> Dear frindes,
> I am new to php. in my 'php' code when someone
> login into my page he/she awail the necessary page rights, it's quite
> ok. but when it click on the page and someone direct copy & paste the
> url he also access the page without proper login.
> How it could be possible that someone access only after
> the login and not direct copy & paste the desired url.
>
> with session & without session.
>
> Thanx in advance.
>
> situ.
>

Hi,

Answer: Sessions.

loginpage posts to a check username/password page.
On succes set a sessionvariable, eg:
[stupid example]
session_start();
if (($_POST["username"] == "situ") && ($_POST["password"] == "secret")){
$_SESSION["validUser"] = "Y";
} else {
header ("Location: loginpage.php");
exit;
}


Then from every other page that requires a validated user:
session_start();
if ((isset($_SESSION["validUser"])) && ($_SESSION["validUser"] == "Y")){
// OK
} else {
// NOT ok
header ("Location: loginpage.php");
exit;
}

Go to www.php.net to learn more about sessions.

Regards,
Erwin Moller

Re: How to stop direct execution to my page

am 05.09.2007 11:32:30 von upendrajpr

On Sep 5, 2:23 pm, Erwin Moller
wrote:
> upendra...@gmail.com wrote:
> > Dear frindes,
> > I am new to php. in my 'php' code when someone
> > login into my page he/she awail the necessary page rights, it's quite
> > ok. but when it click on the page and someone direct copy & paste the
> > url he also access the page without proper login.
> > How it could be possible that someone access only after
> > the login and not direct copy & paste the desired url.
>
> > with session & without session.
>
> > Thanx in advance.
>
> > situ.
>
> Hi,
>
> Answer: Sessions.
>
> loginpage posts to a check username/password page.
> On succes set a sessionvariable, eg:
> [stupid example]
> session_start();
> if (($_POST["username"] == "situ") && ($_POST["password"] == "secret")){
> $_SESSION["validUser"] = "Y";} else {
>
> header ("Location: loginpage.php");
> exit;
>
> }
>
> Then from every other page that requires a validated user:
> session_start();
> if ((isset($_SESSION["validUser"])) && ($_SESSION["validUser"] == "Y")){
> // OK} else {
>
> // NOT ok
> header ("Location: loginpage.php");
> exit;
>
> }
>
> Go towww.php.netto learn more about sessions.
>
> Regards,
> Erwin Moller

Thank you very much for quick reply I think this definately help me
a lot.

regards
situ