if statment to open webpage

tobytoby BeginnerLink Clerk
in Coding Languages
i have the code

if($_POST[password] == $correct)
{
http "blogentry.php";
} else {
echo "Password was incorect";
include("index.php");
}
?>

im trying to make it so if the password is entered correctly the page blogentry.php will load. the only thing is i dont know how to do this. I know if i put echo"password is correct" this will display but i dont want just text to display i want the page to actualy load. I'v tried include"blogentry.php" but this just opens up that page within that webpage which i dont want

can anyone help?
ufjoin_blue.gif

Comments

  • AeriffAeriff Junior Member Shared Hoster
    [PHP]if($_POST[password] == $correct)
    {
    header("Location: blogentry.php");
    } else {
    header("Location: index.php");
    }
    ?>[/PHP]

    :)
  • PythonPython Forum Leader The Royal RAM
    ^^ That should do it :D

    The Royal Ram

  • FelixFelix Junior Member Shared Hoster
    Hey (it's been a while peeps ^_^), I know this is a bit of a late reply but...

    Using the method shown above is not secure at all. All you are doing is redirecting the user to the blogentry.php file. If you want to prevent access to the blogentry.php file completely you need to implement some kind of security check.

    Use this code in login.php (or index.php wherever it is)
    [php]
    <?php
    // Set a session if the user enters correct password :)
    if($_POST == $correct)
    $_SESSION = $correct;
    else
    // Redirect to index page or force them to login again..
    ?>
    [/php]
    And then in blogentry.php you should check if a loggedin session variable is set and DOUBLE check it is the correct value.
    [php]
    <?php
    // Check for successful login...
    if(isset($_SESSION) && $_SESSION = $correct)
    {
    // Put your blogentry.php code here... ;)
    }
    ?>
    [/php]

    :D
  • AeriffAeriff Junior Member Shared Hoster
    I was well aware that t was insecure, I had no ida as to what blogentry.php was displaying. If the user had asked for security measures, I would have put them in place. :rolleyes: But otherwise, nice post.
  • xPureNLxxPureNLx Moderator The Royal RAM
    Felix wrote: »
    Hey (it's been a while peeps ^_^), I know this is a bit of a late reply but...

    Using the method shown above is not secure at all. All you are doing is redirecting the user to the blogentry.php file. If you want to prevent access to the blogentry.php file completely you need to implement some kind of security check.

    Use this code in login.php (or index.php wherever it is)
    [php]
    <?php
    // Set a session if the user enters correct password :)
    if($_POST == $correct)
    $_SESSION = $correct;
    else
    // Redirect to index page or force them to login again..
    ?>
    [/php]
    And then in blogentry.php you should check if a loggedin session variable is set and DOUBLE check it is the correct value.
    [php]
    <?php
    // Check for successful login...
    if(isset($_SESSION) && $_SESSION = $correct)
    {
    // Put your blogentry.php code here... ;)
    }
    ?>
    [/php]

    :D

    The only problem you'll have with such a method is "session hacking", a very easy way to break into parts of websites you don't want unauthorised people to come in.

    I don't exactly know how to prevent Session Hacking though. I think you should encrypt several things...
    signaru02am7.jpg
    [B]MSN: xPureNLx@gmail.com[/B]
Sign In or Register to comment.