Giuseppe: php - How can you limit the access of unregistered users while giving registered users full access? -

Friday 15 February 2013

php - How can you limit the access of unregistered users while giving registered users full access? -

I am trying to create a webpage with users and information which can be used by registered users only. Can unregistered users see that it is possible to limit the file? if so, how? I already have a MySQL database which has a connection in index.php. Even what I have so far:

  & lt; Head & gt; & Lt; / Head & gt; & Lt; Body & gt; & Lt; H3 & gt; Sign up here: & lt; / H3 & gt; & Lt; Form method = "post" action = "userindex.php" & gt; Please enter a username: & lt; Input type = "text" name = "user name" value = "" /> gt; & Lt; Br / & gt; Please enter the password: & lt; Input type = "password" name = "password" value = "" /> & Lt; Br / & gt; & Lt; Input type = "submit" value = "submit" /> & Lt; / Form & gt; & Lt; / Body & gt; & Lt ;? Php included ("dbroutines.php"); If (isset ($ _ POST ['username'])) {if ($ _POST ['username']> '& amp; amp; amp; $ _POST [' password '] & gt;' ') {$ Q = "user (name, password) value ('.' $ _ POST ['username']. '', ''. $ _ POST ['password']. '' '')"; Echo 'query =' $ Q; $ Conn = db_connect (); $ Result = $ conn- & gt; Query ($ Q); Echo & lt; Br />xxx'.$conn->error."xxx "; Not set ($ _ post ['username']); Not set ($ _post ['password']); } Else {Echo 'enter both username and password!'; }} $ Q = "name, choose a password from user"; $ Conn = db_connect (); $ Result = $ conn- & gt; Query ($ Q); Resonance 'xxx' $ Conn- & gt; Error. "Xxx"; If ($ result) {echo '& lt; Hour / & gt; '; ($ Count = 0; $ row = $ result-> fetch_row (); ++ $ count) {echo $ count. "Name =". $ Line [0]. "Password =". $ Row [1] '& Lt; Br / & gt; '; } Echo & lt; B style = "color: red;" & Gt; there '. $ Count. ' Users in your database! '.' & Lt; / B & gt; & Lt; Hour / & gt; '; }    With this, you can specify which type of user access to certain files like userinx.fp?   
 
  I think verifying the user is not a fool proof solution Token should be kept that this user is a registered user. You will have to create a normal php page, called security php, where you will enter the following code, because the smart user can directly type the URL and access your confidential page. You need to include this page at the top of each php page, which you want to protect.  
  if (! Isset ($ _ session ['authId'])) {header ('location: login php'); Go out; }    

 




Posted by



Unknown




at

02:22











Email ThisBlogThis!Share to TwitterShare to FacebookShare to Pinterest




No comments:







Post a Comment