Hi, I have a site constructed by 3rd party software, which does allow me to change some of the code.
I have generated pages and my own pages. The generated pages are protected by user-level authorisation, which I want to extend to the non-protected pages in the same directory in order to stop clients having access to these pages without login or being already logged in.
If, for example, they go to ferry.php through normal login, they have no problem, but if they try to access it directly, I have put code in which stops them but doesn't have the desired effect of redirecting them to login, coming up with the error "headers already sent".
Here is the code taken from a generated page that works, sends them to login, and when successful, returns the page. I include the html below the php code. There is something glaringly obvious I am not doing correctly or not understanding… (should I strip the html head code out??)
#1 correct and working:
[php]<?php
@session_start();
$_SESSION["SkipConnectMySQL"] = "";
require('qs_connection.php');
require('qs_functions.php');
//Check security login
$pagesecure_level = 3;
if (strtoupper(qsrequest("logout")) == "Y") {
    $_SESSION["Mtas_UserLevel"] = 0;
    $_SESSION["Mtas_Logon"] = "FALSE";
    $_SESSION["Mtas_UserLogon"] = "";
    $_SESSION["Mtas_RedirectURL"] = qssession("firstredirecturl");
    header("Location: ./mtas_login.php");
    exit();
}
if (qssession("Mtas_Logon") != "TRUE") {
    $_SESSION["Mtas_RedirectURL"] = "./" . rawurlencode("mtas") . ".php?" . qsservervars("QUERY_STRING");
    header("Location: ./mtas_login.php");
    exit();
}
if (qssession("Mtas_UserLevel") == "") {
    $_SESSION["Mtas_UserLevel"] = 0;
}
if (qssession("Mtas_UserLevel") < $pagesecure_level) {
    $_SESSION["Mtas_Logon"] = "FALSE";
    $_SESSION["Mtas_RedirectURL"] = "./" . rawurlencode("mtas") . ".php?" . qsservervars("QUERY_STRING");
    include_once('mtas_login.php');
    exit();
}
[/php]
#2 Not working:
[php]<?php
@session_start();
// >> START OF "after session init" [SESS001] [POST] [START] [SRV] [74927473-E5E6-47E6-9F06-64B0176D9DCB] [Mtas Data]
// << END OF "after session init" [SESS001] [POST] [STOP] [SRV] [74927473-E5E6-47E6-9F06-64B0176D9DCB] [Mtas Data] END>>
$_SESSION["SkipConnectMySQL"] = "";
require('qs_connection.php');
require('qs_functions.php');
//Check security login
$pagesecure_level = 3;
if (strtoupper(qsrequest("logout")) == "Y") {
    $_SESSION["Mtas_UserLevel"] = 0;
    $_SESSION["Mtas_Logon"] = "FALSE";
    $_SESSION["Mtas_UserLogon"] = "";
    $_SESSION["Mtas_RedirectURL"] = qssession("firstredirecturl");
    header("Location: ./mtas_login.php");
    exit();
}
if (qssession("Mtas_Logon") != "TRUE") {
    $_SESSION["Mtas_RedirectURL"] = "./" . rawurlencode("ferry") . ".php?" . qsservervars("QUERY_STRING");
    header("Location: ./mtas_login.php");
    exit();
}
if (qssession("Mtas_UserLevel") == "") {
    $_SESSION["Mtas_UserLevel"] = 0;
}
if (qssession("Mtas_UserLevel") < $pagesecure_level) {
    $_SESSION["Mtas_Logon"] = "FALSE";
    $_SESSION["Mtas_RedirectURL"] = "./" . rawurlencode("ferry") . ".php?" . qsservervars("QUERY_STRING");
    include_once('mtas_login.php');
    exit();
}
?>
[/php]
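PHP reports "headers already sent" when any output (HTML, whitespace or a byte-order mark) reaches the client before `header()` is called. The following is an added example, not part of the original post or of the generated code: a shared guard that hand-written pages include as their first statement, which fails closed and logs where output began if it is included too late. The file name `auth_guard.php` and the function `require_login()` are hypothetical; the session keys and `mtas_login.php` are the ones shown in the post, and both failure cases are simplified to a redirect.

```php
<?php
// auth_guard.php (hypothetical file name). Deliberately has no closing PHP tag,
// so trailing whitespace in this file can never become page output.
declare(strict_types=1);

/**
 * Hypothetical helper: stop the request unless the visitor is logged in with
 * at least $minLevel. $page is the script's base name ("ferry"), supplied by
 * the calling page rather than taken from the request, so the stored return
 * URL always points back into this directory.
 */
function require_login(string $page, int $minLevel): void
{
    // session_start() and header() both need the response headers unsent.
    // If something was already output, refuse to serve the page and record
    // the file and line where the output started.
    if (headers_sent($file, $line)) {
        error_log("auth_guard: output already started at {$file}:{$line}");
        exit('Login required.');
    }
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    $loggedOn = ($_SESSION['Mtas_Logon'] ?? '') === 'TRUE';
    $level    = (int) ($_SESSION['Mtas_UserLevel'] ?? 0);
    if ($loggedOn && $level >= $minLevel) {
        return; // authorised: the calling page continues
    }

    // Not logged in, or level too low: remember where to come back to and
    // send the browser to the login page (session keys as used in the post).
    $query = $_SERVER['QUERY_STRING'] ?? '';
    $_SESSION['Mtas_Logon'] = 'FALSE';
    $_SESSION['Mtas_RedirectURL'] = './' . rawurlencode($page) . '.php?' . $query;
    header('Location: ./mtas_login.php', true, 302);
    exit();
}

// Usage (constructed): make these the first statements of ferry.php, with
// nothing before the opening PHP tag, not even a blank line or a BOM:
//   require 'auth_guard.php';
//   require_login('ferry', 3);
```

The `error_log` entry names the file and line that produced the early output, which is the place to look when the redirect does not happen.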