Re: Link to external pages from login page

On Feb 2, 2015, at 1:24 PM, michael bredthauer wrote:

Hello, my name is Mike

I'm new to PHP, I am having trouble figuring out how to create pages that are linked to the login page but cannot be accessed without using the login page. I don’t know databases or MySQL yet. Anyone have any tips?


If you have a page that is presented on successful login, have the links in that page.

In order to prevent unauthorized access to those pages, like someone has already seen the page and copies, or bookmarks the page and tries to open a bookmark or paste the url into a browser's location field, there will be no $_SERVER['HTTP_REFERER'] value set so:

At the top of the page have php look at $_SERVER["HTTP_REFERER"] and if it is not the login page have the script send an access denied message and call exit before the pages can load. That means that all these restricted pages will have to have php scripts in them and in most server setups, they will have to have a .php extension.

It is possible to set up Apache to recognize other extension suffixes such as html, htm or other as containing php scripts.

If you have a user logging in and part of that process is setting a session id cookie, you can also have php look for a valid session id cookie when a client requests the restricted pages.


For instance, suppose you have a page http://www.yoursite.com/logged_in.php that is shown on successful log in.

At the top of all the restricted pages you have linked to that page, put a script something like:
<?php
// Deny the request unless it was referred by the page shown after login.
if (! isset($_SERVER['HTTP_REFERER']) || $_SERVER['HTTP_REFERER'] != "http://www.yoursite.com/logged_in.php")
{
    /*
    can add
    if(! $_COOKIE['<valid login session id>'])
    */
    print "access denied, you must be logged in to access this content";
    exit;
}
?>

In case you have restricted content that is not directly linked to the original login page, but is linked to other restricted content, the HTTP_REFERER should be any page that the requested page is linked to.

I have done this without ssl. It may be different where you have ssl involved.
JK
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
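
The session check mentioned in the reply above, as an added example that is not part of the original message: the Referer header is sent by the client and can be absent or set to any value, so this version keys access on server-side session state instead. The file name auth.php, the function names and the sample account are assumptions; it needs PHP 7.4 or later.

```php
<?php
// auth.php: hypothetical include file for this example.
// A restricted page starts with:  require 'auth.php'; $user = require_login();
declare(strict_types=1);

// Constructed sample account, kept in a PHP array because the question rules
// out a database. In real use, store the saved output of password_hash().
function users(): array
{
    static $users = null;
    return $users ??= ['mike' => password_hash('sample-password', PASSWORD_DEFAULT)];
}

function start_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // Keep the session cookie away from page scripts and cross-site posts.
        session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
        session_start();
    }
}

// Called by the login form handler. Marks the session as logged in only
// when the user name exists and the password matches its stored hash.
function log_in(string $user, string $password): bool
{
    start_session();
    $hash = users()[$user] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);   // issue a fresh session id at login
    $_SESSION['user'] = $user;
    return true;
}

// Call first thing on every restricted page, before any output is sent.
function require_login(): string
{
    start_session();
    if (!isset($_SESSION['user'])) {
        http_response_code(403);
        print "access denied, you must be logged in to access this content";
        exit;
    }
    return $_SESSION['user'];
}
```

The decision rests on $_SESSION, which lives on the server; the browser only holds the session id cookie, so a bookmarked or pasted URL is refused unless that browser has logged in.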





