JTekNet
05-13-2008, 04:38 PM
I have a database that is completely run by php. It's made to track things and each users needs NOT have permission to see the others (for security reasons).
I have a login page which calls an authentication page. That authentication page calls another file with the users and passwords and matches them up to decide what link to throw at the user.
That's all fine and dandy, but my problem is I can just type in the page that displays the database in a table and it goes to it bypassing my authentication.
Suggestions? I was thinking about using headers to make the page have to be referred by the login page but then when a user tries to make a change within the page itself and it's not being referred from the login page they are going to get kicked out.
I'm in a real predicament. I can show specific pieces of code if you need it let me know. I'm not sure what you'd need to see. It's just a generic.
Page 1 is a table
Page 2 is the authentication PHP code which calls:
Page 3 is the list of users
Page 4,5,6,7 and 8 are one of the user's pages with their specific database.
I have a login page which calls an authentication page. That authentication page calls another file with the users and passwords and matches them up to decide what link to throw at the user.
That's all fine and dandy, but my problem is I can just type in the page that displays the database in a table and it goes to it bypassing my authentication.
Suggestions? I was thinking about using headers to make the page have to be referred by the login page but then when a user tries to make a change within the page itself and it's not being referred from the login page they are going to get kicked out.
I'm in a real predicament. I can show specific pieces of code if you need it let me know. I'm not sure what you'd need to see. It's just a generic.
Page 1 is a table
Page 2 is the authentication PHP code which calls:
Page 3 is the list of users
Page 4,5,6,7 and 8 are one of the user's pages with their specific database.