securing php pages

securing php pages

am 20.11.2009 16:56:39 von nitin reddy

--001636ed6a1881d74f0478cf855a
Content-Type: text/plain; charset=ISO-8859-1

Hi I am a new user of PHP..in my project i have put login forms and i am
able to login successful but the pages after the login can be accessed
directly by typing the address so if any one can help in this matter.


Thank you,

--
Nitin

--001636ed6a1881d74f0478cf855a--

RE: securing php pages

am 20.11.2009 17:00:40 von David Stoltz

You can use either cookies of sessions to maintain security:

Some pseudo code:

Login page:

Login successful? If yes, set session value "LOGIN" =3D "YES"

Then on all other pages, 1st check session value "LOGIN"....if !=3D =
"YES"
then bump them to the login page.

Make sense?

-----Original Message-----
From: nitin reddy [mailto:chintu.nitin@gmail.com]=20
Sent: Friday, November 20, 2009 10:57 AM
To: php-general@lists.php.net
Subject: [PHP] securing php pages

Hi I am a new user of PHP..in my project i have put login forms and i am
able to login successful but the pages after the login can be accessed
directly by typing the address so if any one can help in this matter.


Thank you,

--=20
Nitin

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: securing php pages

am 20.11.2009 17:49:17 von LinuxManMikeC

On Fri, Nov 20, 2009 at 8:56 AM, nitin reddy wrote:
> Hi I am a new user of PHP..in my project i have put login forms and i am
> able to login successful but the pages after the login can be accessed
> directly by typing the address so if any one can help in this matter.
>
>
> Thank you,
>
> --
> Nitin
>

Are you certain you aren't already logged in when you attempt to
access these pages directly? Does authentication expire?

And to on the subject, the best way to secure any program is to write
it to a CD and set it on your desk. :-)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: securing php pages

am 20.11.2009 20:00:05 von niccguard-dev

--0-1983487024-1258743605=:47933
Content-Type: text/plain; charset=us-ascii

From: nitin reddy
To: php-general@lists.php.net
Sent: Fri, November 20, 2009 8:56:39 AM
Subject: [PHP] securing php pages

Hi I am a new user of PHP..in my project i have put login forms and i am
able to login successful but the pages after the login can be accessed
directly by typing the address so if any one can help in this matter.


Thank you,

--
Nitin





I'm a PHP noob in general, but I'll throw in my 2 cents:

Every page you want to keep people from accessing if they aren't logged in, needs to check the status of the login.

Here is a link to a login system I used in learning more about setting this up, it may help you to understand better;

http://evolt.org/PHP-Login-System-with-Admin-Features

--

Aaron
--0-1983487024-1258743605=:47933--