Author Topic: login page only blocks one page  (Read 3482 times)

woodie45edd

login page only blocks one page
« on: April 27, 2008, 05:14:19 PM »
Hey guys, having a little problem. I want to block other pages from being seen without them being logged in. At the moment my script directs the user to the secret.php page only, but if the user knew the other pages they could get in with no problem. Is there any way of preventing multiple page blocking by using multiple headers, i.e. header("Location:secret.php");

I have tried certain things but still no luck :(

<?php

// User table: username => password
$userDB = array("pcjohn" => "secret",
                "ewood"  => "secret",
                "helen"  => "secret");

// Return the stored password, or null for an unknown or malformed username
function getPasswordForUser($username) {
    global $userDB;
    return (is_string($username) && isset($userDB[$username])) ? $userDB[$username] : null;
}

// Compare the client's response with md5(challenge . password).
// hash_equals() replaces ==, which compares "0e..." hashes as numbers.
function validate($challenge, $response, $password) {
    if ($password === null || !is_string($response)) {
        return false;
    }
    return hash_equals(md5($challenge . $password), $response);
}

// Mark the session as authenticated, or redirect back to login.php
function authenticate() {
    if (isset($_SESSION['challenge']) &&
        isset($_REQUEST['username']) &&
        isset($_REQUEST['response'])) {
        $password = getPasswordForUser($_REQUEST['username']);
        if (validate($_SESSION['challenge'], $_REQUEST['response'], $password)) {
            $_SESSION['authenticated'] = "yes";
            $_SESSION['username'] = $_REQUEST['username'];
            unset($_SESSION['challenge']);
        } else {
            header("Location: login.php?error=" . urlencode("Failed authentication"));
            exit;
        }
    } else {
        header("Location: login.php?error=" . urlencode("Session expired"));
        exit;
    }
}

session_start();
authenticate();
header("Location: secret.php");
exit();
?>

peg110

Re: login page only blocks one page
« Reply #1 on: May 06, 2008, 02:26:17 PM »
Set a session variable when they are logged in. At the top of every "Secret" page, CHECK the session variable when the page is accessed. If it's not set to be "LOGGED IN" then re-direct them to the login page.
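
The check described in this reply, as an added example that is not part of the original thread. The file name `auth_guard.php` and the function names are hypothetical; the session keys `authenticated` and `username` and the `login.php` target are the ones used by the login script posted above.

```php
<?php
declare(strict_types=1);

// Hypothetical shared include, e.g. auth_guard.php.
// Every protected page loads it and calls require_login() before any output.

/**
 * True only if the login script marked this session as authenticated.
 * Checks the same keys the login script sets on success.
 */
function is_logged_in(array $session): bool
{
    return isset($session['authenticated'], $session['username'])
        && $session['authenticated'] === 'yes';
}

/**
 * Redirect anonymous visitors to the login page and stop the script.
 * Must run before any HTML is sent, or the Location header cannot be set.
 */
function require_login(string $loginPage = 'login.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (is_logged_in($_SESSION)) {
        return;
    }
    header('Location: ' . $loginPage . '?error=' . urlencode('Please log in'));
    // Without exit the rest of the protected page would still execute and
    // be sent to any client that ignores the redirect.
    exit;
}

// Usage, as the first lines of secret.php and every other protected page:
//   require __DIR__ . '/auth_guard.php';
//   require_login();
```

Because the check lives in one include, a new protected page only needs the two usage lines, and a page that omits them is the only kind left reachable by its URL without a login.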