Securing a PHP web application pages

How to secure the pages of a php web application

Page 1 of 1

2 Replies - 1413 Views - Last Post: 12 May 2010 - 02:52 PM

#1 RedRabbit  Icon User is offline

  • D.I.C Head

Reputation: 3
  • View blog
  • Posts: 71
  • Joined: 09-May 10

Securing a PHP web application pages

Posted 12 May 2010 - 04:22 AM

Hello everyone, hope you guys are having an easy day!

I have a question about building a web application in PHP, I searched for this and didn't find it so I decided to post it here under web development.

Basically I have built a login script for the application where it authenticates your username and password. If its correct then it stores the user ID in the $_SESSION variable and redirects the user to the main back office so it remembers the user etc.

Now the problem I have is if you are not logged in and just type the URL of the page of the login script for example:

www.WebApp.com/my_details.php


the above page will open and you can access it but it wont display your details or who you are. Because the $_SESSION does not know who you are and there are no cookies telling it who you are.

How do I secure this hole for the above page and others. What is the best way to do it?

I was thinking I will create a new function called authentication() where if the username and password are set then the authentication will be true else false.

Depending on if its true or false it redirects to the appropriate page.

Is this the right way to go? Or is there a better more secure way to achieve this?

Thanks for your time.
Peace!

Is This A Good Question/Topic? 0
  • +

Replies To: Securing a PHP web application pages

#2 Raju2047  Icon User is offline

  • D.I.C Head
  • member icon

Reputation: 6
  • View blog
  • Posts: 55
  • Joined: 16-February 09

Re: Securing a PHP web application pages

Posted 12 May 2010 - 04:35 AM

in every private page, just check check for the userID in $_SESSION variable.. if no any userid detected then redirect it to login page...
Was This Post Helpful? 1
  • +
  • -

#3 RedRabbit  Icon User is offline

  • D.I.C Head

Reputation: 3
  • View blog
  • Posts: 71
  • Joined: 09-May 10

Re: Securing a PHP web application pages

Posted 12 May 2010 - 02:52 PM

Thanks I got it to work.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1