Now security holes in it


 



<?php

include("database.php");
$request = $_POST['request'];

// $cardnum and $serial are not set anywhere in this snippet, and the query
// string is built but not executed here.
$query = ("select * from requesttable where cardnum='$cardnum' and serial='$serial' and request='$request'");
$reques = $row['reques'];

// Remember the submitted request in the session.
$_SESSION[123456] = $request;

// Show the link that matches the submitted request (string literals quoted).
if ($request == 'one') {
    echo "<h2>Please Go Ahead and make your request</h2><br>";
    echo "<a href = 'one.php'>One</a><br>";
} elseif ($request == 'two') {
    echo "<h2>Please Go Ahead and make your request Two</h2><br>";
    echo "<a href = 'two.php'>Two</a><br>";
} elseif ($request == 'three') {
    echo "<h2>Please Go Ahead and make your request Three</h2><br>";
    echo "<a href = 'three.php'>Three</a><br>";
} else {
    echo "<h2>Check the request </h2><br>";
}

?>
 
 
Hello,
 
I am getting a security hole in the script below:
 
(1) To get to the request page, one must enter his card number, serial number and request; this will take you to the request.php page to make your request on any of the links as defined.
 
(2)
At the top of each of the pages one.php, two.php and three.php I have the script below to control the respective page, once the user logs in to the request page, on the basis of their session.
 
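<?php
session_start();
// Only checks that the session value is non-empty, not which request it holds.
if (empty($_SESSION[123456])) {
    header("Location: memberarea.php");
    exit; // stop here so the rest of the page is not sent after the redirect
}
echo "Welcome $_SESSION[123456]";
?>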
 
(3)
The security hole: once a user who registered for request ONE is granted access to the request page, the page session gives room to access the pages of Two and Three, which he never registered for. The registration form permits a user to register for one request at a time.
 
 
(4) For example, if a user who registered for One gets to the request page, he clicks on the hyperlink One to access the ONE.php page (using the session set). Once the user types two.php or three.php, he is granted access. This is not supposed to happen, since I am using the session $_SESSION[123456] = $request; which allows users to access each page based on their request.
 
Can anyone advise me how to stop this hole or figure out what might be wrong with my script above?
 
I await your reply,
 
Thanks,
 
Gab
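
One way to close the hole described in (3) and (4), as an added example that is not part of the original post: each page compares the request stored in the session with the one request that page serves, instead of only checking that the session is non-empty. The helper names, the page-to-request map and the string session key 'request' are assumptions; a string key is used because PHP's default session serializer skips numeric keys such as 123456.

```php
<?php
// Added example, not the poster's code.

// Assumption: each page serves exactly one request type, as in the post.
const PAGE_REQUEST = [
    'one.php'   => 'one',
    'two.php'   => 'two',
    'three.php' => 'three',
];

// Hypothetical helper: true only when the request stored in the session
// is the one this page serves. Unknown pages and empty sessions are denied.
function is_authorized(array $session, string $page): bool
{
    $required = PAGE_REQUEST[$page] ?? null;
    $granted  = $session['request'] ?? null;   // assumed string key
    return $required !== null && $granted === $required;
}

// Hypothetical helper: call first thing in one.php, two.php and three.php,
// e.g. require_request(basename(__FILE__));
function require_request(string $page): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!is_authorized($_SESSION, $page)) {
        header('Location: memberarea.php');
        exit;   // without this the protected page would still be rendered
    }
}

// Constructed sessions, printed when the file is run from the command line.
if (PHP_SAPI === 'cli') {
    $registeredForOne = ['request' => 'one'];
    foreach (['one.php', 'two.php', 'three.php'] as $page) {
        printf("%-10s %s\n", $page,
            is_authorized($registeredForOne, $page) ? 'allow' : 'deny');
    }
    printf("%-10s %s\n", '(no login)',
        is_authorized([], 'one.php') ? 'allow' : 'deny');
}
```

The value placed in the session should be the request confirmed by the database lookup for that card number and serial, not the raw $_POST['request'] value.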


      


