faqts : Computers : Programming : Languages : PHP

+ Search
Add Entry AlertManage Folder Edit Entry Add page to http://del.icio.us/
Did You Find This Entry Useful?

4 of 13 people (31%) answered Yes
Recently 3 of 10 people (30%) answered Yes


How do I block direct access

Nov 28th, 2008 11:23
healthy man, noel darlow, Thomas Anderson,

I have a page, A.php that make the authentification and get you to 
B.php?code=13 if your password was ok.  Now my problem is if 
someone type directly in the url B.php?code=13 it 
works....what I want (for sevurity matter) is that you cannot access 
the page B without first giving your password to A.  How can I do that?
Here's something I use which checks the query string (ie the text typed 
in the browser - see php manual):
function accessCheck () {
    $qr = $_SERVER['QUERY_STRING'];
    $qr = substr($qr, 0, 14);
    IF ($qr != "page=admin_1") {
        $badaccess = 1;
        return $badaccess;
    } ELSE {
        $badaccess = 0;
        return $badaccess;
I only want people to access functions in this file when substr
($header, 0, 14) == page=admin_1 (adjust the substr() arguments as 
appropriate). I run at the start of each function in the (admin) file 
and block access with a "return" step if someone got here with the 
wrong query string.
At least I hope that's what it does .. still learning lol.