I don't think this is a secure method. If I make only a little effort and find out that it's this variable $islogged which has to be set to "yes" (or whatever), I can gain access by simply typing into the browser's address bar "www.yourdomain.com/theFileIWantToGo.php?islogged=yes" and I will gain access.
I'm sorry, but I can't tell you a better way to do it.

Stefan Rusterholz, [EMAIL PROTECTED]
----------------------------------
interaktion gmbh
Stefan Rusterholz
Zürichbergstrasse 17
8032 Zürich
----------------------------------
T. +41 1 253 19 55
F. +41 1 253 19 56
W3 www.interaktion.ch
----------------------------------

----- Original Message -----
From: "Daniel Masur" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 14, 2001 2:33 PM
Subject: [PHP] Re: Login/Security Problem

> set a cookie, and delete it with a logout button or when the user leaves
> your domain
>
> "Joe Van Meer" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Hi there. I'm new to php and would like some insight on securing a
> > website.
> > Upon successful login to my site (checks against database for username and
> > password) I assign a session variable called '$islogged' to 'yes'. On all
> > other pages throughout my site I use the following code to determine if
> > this variable is set, and if not redirect them to the login page.
> >
> > if($islogged == "no"){
> >
> > header("Location:index.php");
> > }
> > elseif(EMPTY($islogged))
> > {
> > header("Location:index.php");
> > }
> >
> > This seems to work, however, if I close out my browser and say type in
> > main.php (this page has the above code) in the address bar I can still
> > access the page. How can I fix this? Is there something else I could be
> > doing to improve the functionality?
> > Any insights would greatly be appreciated.
> >
> > Cheers Joe:)
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
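
The `?islogged=yes` bypass described in the reply works when `$islogged` is an ordinary global that request parameters can populate (PHP's `register_globals` behaviour). The following is an added example, not code from any poster in this thread, of a login gate that reads only server-side session data and stops execution after the redirect. The function names, the `user_id` session key and the cookie settings are assumptions chosen for illustration, and the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Added example. All function names and the 'user_id' key are hypothetical.
function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_set_cookie_params([
        'lifetime' => 0,       // session cookie: discarded when the browser closes
        'path'     => '/',
        'secure'   => true,    // assumption: the site is served over HTTPS
        'httponly' => true,    // cookie not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call once, after username and password have been checked against the database.
function mark_logged_in(int $userId): void
{
    start_secure_session();
    session_regenerate_id(true);     // fresh session id at the privilege change
    $_SESSION['user_id'] = $userId;  // kept server-side; the client holds only the id
}

// Pure check on the session array, separate from any redirect logic.
function is_logged_in(array $session): bool
{
    return isset($session['user_id']) && is_int($session['user_id']);
}

// Call at the top of every protected page (main.php in the question).
function require_login(): void
{
    start_secure_session();
    // Only $_SESSION is consulted. Values from $_GET, $_POST or $_COOKIE never
    // reach this decision, so appending ?islogged=yes to the URL changes nothing.
    if (!is_logged_in($_SESSION)) {
        header('Location: index.php');
        exit;  // without exit the rest of the protected page would still run
    }
}

function log_out(): void
{
    start_secure_session();
    $_SESSION = [];      // clear the data for this request
    session_destroy();   // remove the server-side session record
}
```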