
Author How to protect content from direct access via URL?
shawn

2005-05-03, 3:57 pm

Hi,

My question is how I can make sure that some content is only available to
logged in users? If I have a piece of content, say a software and I only
offer it to the registered and logged in users. Where should I put it and
how should I protect it from someone who hacked the actual URL and bypassed
the login process? Should I put it outside the web root or something?

I am using a mysql database and session control to handle login.

Any ideas or pointers will be much appreciated.

Thanks!

Shawn


Georges.Kuntz

2005-05-04, 8:56 am


"shawn" <shawn@noemail.nowhere.com> wrote in message
news:hsydnabq7vhnOerfRVn-2Q@rogers.com...
> Hi,
>
> My question is how I can make sure that some content is only available to
> logged in users? If I have a piece of content, say a software and I only
> offer it to the registered and logged in users. Where should I put it and
> how should I protect it from someone who hacked the actual URL and bypassed
> the login process? Should I put it outside the web root or something?
>
> I am using a mysql database and session control to handle login.
>
> Any ideas or pointers will be much appreciated.
>
> Thanks!
>
> Shawn
>

Hi,

You should do it like this (at the top of the PHP page you want to protect):

<?php
session_start(); // resume the session
// Roles allowed to view the page
$roles = array("user", "public", "admin", "redacteur");
// Check the authentification session variable (is it set?) AND the privilege.
// isset() is used because session_is_registered() was removed in PHP 5.4.
if (isset($_SESSION['authentification']) && isset($_SESSION['privilege'])
    && in_array($_SESSION['privilege'], $roles, true)) {
    // logged in: the rest of the page runs
}
else {
    header("Location: index.php?erreur=intru"); // redirect on failure
    exit; // stop here, otherwise the protected page is still sent
}
?>

And only logged-in users can access the page. And when you have something to
download from the page, protect your download directory with a .htaccess (deny
from all)

Georges
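
An added example, not part of the original thread: once the download directory is closed off with "deny from all" (or moved outside the web root), the files have to be handed out by a script that repeats the session check. The script name, the `file` parameter and the directory path are assumptions; the session keys and roles are the ones from the reply above.

```php
<?php
// download.php (hypothetical name): session-checked gate for protected files.
session_start();

// Assumption: downloads live outside the web root, or in a directory whose
// .htaccess contains "deny from all", so no URL maps to them directly.
const PROTECTED_DIR = '/var/www/protected_downloads'; // hypothetical path

// Return the real path of $requested inside $baseDir, or null if not allowed.
function resolve_download(string $baseDir, $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || !is_string($requested) || $requested === '') {
        return null; // also rejects array input such as ?file[]=x
    }
    // basename() drops any directory part ("../../etc/passwd" -> "passwd").
    $path = realpath($base . DIRECTORY_SEPARATOR . basename($requested));
    if ($path === false || !is_file($path)) {
        return null;
    }
    // After symlinks are resolved the file must still be under $base.
    if (strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Same session keys and roles as the page check in the reply above.
$roles = ['user', 'public', 'admin', 'redacteur'];
if (!isset($_SESSION['authentification'], $_SESSION['privilege'])
    || !in_array($_SESSION['privilege'], $roles, true)) {
    header('Location: index.php?erreur=intru');
    exit; // without exit the script would go on and send the file
}

$path = resolve_download(PROTECTED_DIR, $_GET['file'] ?? '');
if ($path === null) {
    http_response_code(404);
    exit;
}

header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: attachment; filename="'
    . str_replace('"', '', basename($path)) . '"');
header('Content-Length: ' . filesize($path));
readfile($path);
```

Pages link to `download.php?file=name` instead of to the file itself, so every request passes through the login check.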



Copyright 2008 codecomments.com