get_permission($email);

@gert_cuykensAug 26.2005

So i have been working on this fancy login thingie ~~[url]~~http://racebikerenting.com/php/index.php[/url] but it would be a bit silly if anybody could just put /admin.php?email=me in the url and be a admin dont you think ?

so how do you go from index.php to admin.php so only the admin can acces the page ?

[code=php] case”online”: $permission=$user->get_permission($email); $url=$permission.”?email=”.$email; break; [/code]

to post a comment

PHP

8 Comments(s) _↴

@gert_cuykensauthorAug 26.2005 — #i think i would do just a other permission check in the admin.php before displaying anything ? But then agian if you gues the admin email i am screwed too...

So how do you pass a email and md5(passwd) on the safest way possible to a admin.php ?

@bokehAug 26.2005 — #Security by obscurity is no security at all!

@MauAug 26.2005 — #You should include an auth check on every page.

Just put this at the top:

[code=php]
 require("auth_check.php");
 [/code]

If the authentication fails, auth_check should kill the script with either die or exit resulting in a blank page.

@gert_cuykensauthorAug 27.2005 — #ok i put require($permission".htm"); into the index.php

now what do i put into user.htm so it displays a blank screen when doing this ?

.../user.htm?status=online

or some other url thingie

@gert_cuykensauthorAug 27.2005 — #I did it like this.

<?php

$status="login";

$permission="none";

$status=$user->login_user($email,$passwd);

$permission=$user->get_permission($email);

if ($status=="online" and $permission=="user"){

?>

<p>hello</p>

<?php

}

?>

Is this user.php secure or is there still a way to pass this if ($status=="online" and $permission=="user")

@rch10007Aug 27.2005 — #http://www.dogpile.com

Search for PHPSecurePages

@gert_cuykensauthorAug 27.2005 — #no thx i like mine better ?

@rch10007Aug 27.2005 — #there's some good coding in there to learn from...

Also in #PHP _↴

Session Problem [RESOLVED] requires!!Wordpress next page and tables

Success!

Help @gert_cuykens spread the word by sharing this article on Twitter...

Tweet This

about: ({
version: 0.1.9 — BETA 6.1,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});

changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...

recent_tips: (
tipper: @meenaratha,
tipped: article
amount: 1000 SATS,

tipper: @meenaratha,
tipped: article
amount: 1000 SATS,

tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,
)...

get_permission($email);

8 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

get_permission($email);

8 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

8 Comments(s) _↴

Also in #PHP _↴