Re: check user log and redirect [message #174504 is a reply to message #174494] |
Wed, 15 June 2011 05:05 |
Co
Messages: 75 Registered: May 2011
On 15 jun, 01:08, Jerry Stuckle <jstuck...@attglobal.net> wrote:
> On 6/14/2011 3:51 PM, Co wrote:
>> Hi All,
>
>> I know Jerry will have comments again but I will post my question
>> anyway.
>> I have this code that checks if the user is logged in and if not it
>> should direct him to the login page.
>> However when I am not logged in I can still go to pages which I am not
>> supposed to go.
>> I tried to understand what the code is doing but I don't follow.
>> Can someone have a look at my code and tell me why I can still go to
>> restricted pages?
>
> <About 150 lines of code snipped>
>
> First of all, NEVER depend on cookies for anything important, like
> whether the user is logged in or not. EVERYTHING from the user should
> be suspect, as it can very easily be faked.
>
> As for the rest - cut it down to the minimum needed to show the problem.
> I'm not going to spend time going through 150+ lines of cryptic code,
> trying to figure out what you're doing.
>
> Looks like (another) script you just copied from the web without
> understanding what it does.
>
> --
> ==================
> Remove the "x" from my email address
> Jerry Stuckle
> JDS Computer Training Corp.
> jstuck...@attglobal.net
> ==================
That's right. But still it doesn't seem to do what it was written for.
I added some more code to the pages which are restricted:
//////////////////////////////////////////////// Member log in double check ///////////////////////////////////////////////////
if (!isset($_SESSION['idx'])) {
    $msgToUser = '<br /><br /><font color="#FF0000">Only site members can do that</font><p><a href="register.php">Join Here</a></p>';
    include_once 'msgToUser.php';
    exit();
} else if ($logOptions_id != $_SESSION['id']) {
    $msgToUser = '<br /><br /><font color="#FF0000">Only site members can do that</font><p><a href="register.php">Join Here</a></p>';
    include_once 'msgToUser.php';
    exit();
}
//////////////////////////////////////////////// End Member log in double check
Marco
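
Added example, not code from this thread: a login guard that follows the point in the quoted reply by keeping the login state only in the server-side session, and that performs the check and redirect the thread asks about. The file name login.php, the session key 'uid' and all function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example. Assumptions: the login page is login.php and a successful
// login stores the account id in $_SESSION['uid'] (hypothetical names).
// Usage on a restricted page, before any output:
//     require_once 'auth.php';
//     require_login();

function start_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    // The cookie carries only a random session id; the login state itself
    // stays on the server, where the client cannot edit it.
    ini_set('session.use_strict_mode', '1'); // reject ids the server did not issue
    session_set_cookie_params([              // array form needs PHP 7.3+
        'httponly' => true,
        'secure'   => !empty($_SERVER['HTTPS']),
        'samesite' => 'Lax',
    ]);
    session_start();
}

function is_logged_in(): bool
{
    // Trust only what the server wrote at login time. A user id is never
    // read from $_COOKIE, $_GET or $_POST here.
    return isset($_SESSION['uid']) && is_int($_SESSION['uid']) && $_SESSION['uid'] > 0;
}

function require_login(string $loginPage = 'login.php'): void
{
    start_session();
    if (is_logged_in()) {
        return;
    }
    // Fixed target chosen by the site; no user-supplied URL enters the header.
    header('Location: ' . $loginPage, true, 302);
    // header() does not stop the script. Without exit, the restricted page
    // would still be generated and sent along with the redirect.
    exit;
}

// Called from the login page after the password has been verified.
function mark_logged_in(int $userId): void
{
    start_session();
    session_regenerate_id(true); // fresh id so a pre-login id cannot be reused
    $_SESSION['uid'] = $userId;
}
```

The guard only works if it runs on every restricted page before any output is sent, because header() cannot set the redirect once output has started.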