FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » check user log and redirect
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: check user log and redirect [message #174504 is a reply to message #174494] Wed, 15 June 2011 05:05 Go to previous messageGo to previous message
Co is currently offline  Co
Messages: 75
Registered: May 2011
Karma:
Member
On 15 jun, 01:08, Jerry Stuckle <jstuck...@attglobal.net> wrote:
> On 6/14/2011 3:51 PM, Co wrote:> Hi All,
>
>> I know Jerry will have comments again but I will post my question
>> anyway.
>> I have this code that checks if the user is logged in and if not it
>> should direct him to the login page.
>> However when I am not logged in I can still go to pages which I am not
>> supposed to go.
>> I tried to understand what the code is doing but I don't follow.
>> Can someone have a look at my code and tell me why I can still go to
>> restricted pages?
>
> <About 150 lines of code snipped>
>
> First of all, NEVER depend on cookies for anything important, like
> whether the user is logged in or not.  EVERYTHING from the user should
> be suspect, as it can very easily be faked.
>
> As for the rest - cut it down to the minimum needed to show the problem.
>   I'm not going to spend time going through 150+ lines of cryptic code,
> trying to figure out what you're doing.
>
> Looks like (another) script you just copied from the web without
> understanding what it does.
>
> --
> ==================
> Remove the "x" from my email address
> Jerry Stuckle
> JDS Computer Training Corp.
> jstuck...@attglobal.net
> ==================

That's right. But still it doesn't seem to do what it was written for.

I added some more code to the pages which are restricted:
//////////////////////////////////////////////// Member log in
double check ///////////////////////////////////////////////////
if (!isset($_SESSION['idx'])) {
$msgToUser = '<br /><br /><font color="#FF0000">Only site members
can do that</font><p><a href="register.php">Join Here</a></p>';
include_once 'msgToUser.php';
exit();
} else if ($logOptions_id != $_SESSION['id']) {
$msgToUser = '<br /><br /><font color="#FF0000">Only site members can
do that</font><p><a href="register.php">Join Here</a></p>';
include_once 'msgToUser.php';
exit();
}
//////////////////////////////////////////////// End Member log
in double check


Marco
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Previous Topic: MySQL's PASSWORD() function
Next Topic: An overloading question
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Nov 10 16:21:04 GMT 2024

Total time taken to generate the page: 0.06888 seconds