3 Replies - 822 Views - Last Post: 11 May 2011 - 05:31 AM Rate Topic: -----

#1 menukadevinda  Icon User is offline

  • D.I.C Regular

Reputation: -7
  • View blog
  • Posts: 470
  • Joined: 14-April 11

php + security

Posted 11 May 2011 - 02:24 AM

hi,
i am new to php..
i have a problem in my web application regarding security.

when i logged into the administrator page

i check username and password, apart from that i need to confirm whether data recieved through GET OR POST methode. I validate that by using resume condition.

if($_SERVER['REQUEST_METHOD']=='POST')


if user is correct, i navigate to another pages from the admin page.
but the problem is when i copy the url of that page and past it in a different browser i can directly enter to the
i didn't apply in every page of the administrator if($_SERVER['REQUEST_METHOD']=='POST') condition.( it is not nice to me.i think it is not good programing to put top of the page the condition to validate whether requested methode is post or get..)
i need to know any option that can handle my problem.

thx in advance.
menuka

Is This A Good Question/Topic? 0
  • +

Replies To: php + security

#2 Dogstopper  Icon User is offline

  • The Ninjaducky
  • member icon



Reputation: 2872
  • View blog
  • Posts: 11,031
  • Joined: 15-July 08

Re: php + security

Posted 11 May 2011 - 02:35 AM

Why is this in PHP Tutorials?

**Moved to PHP**
Was This Post Helpful? 0
  • +
  • -

#3 Eric115  Icon User is offline

  • coderさん
  • member icon

Reputation: 63
  • View blog
  • Posts: 696
  • Joined: 19-January 09

Re: php + security

Posted 11 May 2011 - 02:59 AM

Maybe you should try using session variables to make sure that the person is logged in and if they're not, they can be redirected to the index page. Something along the lines of: (this is what I use and I am fairly new to PHP so this may not be the best way to do it!)
<?php
//start the session before the <html> tag
session_start();
if (isset($_SESSION["loggedIn"])) {
//load the page up. The $_SESSION["loggedIn"] will have to be set when they log in
} else {
    header("Location: index.php") // the index.php can changed to whatever page you want
}


Again, I am new to php and this is the method I use it may not be the best method, but I hope I could help!

This post has been edited by Eric115: 11 May 2011 - 03:00 AM

Was This Post Helpful? 1
  • +
  • -

#4 codeprada  Icon User is offline

  • Changed Man With Different Priorities
  • member icon

Reputation: 947
  • View blog
  • Posts: 2,355
  • Joined: 15-February 11

Re: php + security

Posted 11 May 2011 - 05:31 AM

The solution to your problem which is implementing a user-login feature isn't as simple as you think it is.

Read up on this tutorial. If you can't follow it then I'd suggest you go over the basics before attempting such.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1