[menukadevinda]

hi,
i am new to php..
i have a problem in my web application regarding security.

when i logged into the administrator page

i check username and password, apart from that i need to confirm whether data recieved through GET OR POST methode. I validate that by using resume condition.

if($_SERVER['REQUEST_METHOD']=='POST')


if user is correct, i navigate to another pages from the admin page.
but the problem is when i copy the url of that page and past it in a different browser i can directly enter to the
i didn't apply in every page of the administrator if($_SERVER['REQUEST_METHOD']=='POST') condition.( it is not nice to me.i think it is not good programing to put top of the page the condition to validate whether requested methode is post or get..)
i need to know any option that can handle my problem.

thx in advance.
menuka

[Dogstopper]

Why is this in PHP Tutorials?

**Moved to PHP**

[Eric115]

Maybe you should try using session variables to make sure that the person is logged in and if they're not, they can be redirected to the index page. Something along the lines of: (this is what I use and I am fairly new to PHP so this may not be the best way to do it!)

<?php
//start the session before the <html> tag
session_start();
if (isset($_SESSION["loggedIn"])) {
//load the page up. The $_SESSION["loggedIn"] will have to be set when they log in
} else {
    header("Location: index.php") // the index.php can changed to whatever page you want
}

Again, I am new to php and this is the method I use it may not be the best method, but I hope I could help!

This post has been edited by Eric115: 11 May 2011 - 03:00 AM

[codeprada]

The solution to your problem which is implementing a user-login feature isn't as simple as you think it is.

Read up on this tutorial. If you can't follow it then I'd suggest you go over the basics before attempting such.