  1. #1
    New Coder
    Join Date
    Nov 2005
    Posts
    13
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Question Securing a database

    I have a database that is completely run by PHP. It's made to track things, and each user needs to NOT have permission to see the others (for security reasons).

    I have a login page which calls an authentication page. That authentication page calls another file with the users and passwords and matches them up to decide what link to throw at the user.

    That's all fine and dandy, but my problem is I can just type in the page that displays the database in a table and it goes to it bypassing my authentication.

    Suggestions? I was thinking about using headers to make the page have to be referred by the login page but then when a user tries to make a change within the page itself and it's not being referred from the login page they are going to get kicked out.

    I'm in a real predicament. I can show specific pieces of code if you need it let me know. I'm not sure what you'd need to see. It's just a generic.

    Page 1 is a table
    Page 2 is the authentication PHP code which calls:
    Page 3 is the list of users
    Page 4,5,6,7 and 8 are one of the user's pages with their specific database.

  • #2
    New Coder
    Join Date
    Nov 2005
    Posts
    13
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Double post, sorry.

    Is there a way I can make it authenticate then load the rest of a single page according to what credentials they put in? All at the same time while NOT displaying any pertinent information to crackers wanting to get the info? I mean, I can't put the username and password in plain sight in the code, I know that would be stupid.

  • #3
    New Coder
    Join Date
    Jan 2008
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Are you talking about using sessions?
    When the user has logged in, you store, for example, their username in the session, and then in the browsing page you just check that the session is valid.

    http://www.tizag.com/phpT/phpsessions.php
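
The session check suggested in post #3, applied to the page layout from post #1, as an added example that is not code from anyone in this thread. The file name `auth.php`, the function names, `login.php` and the sample user are assumptions; the users file holds password hashes rather than passwords, and every protected page calls the guard before producing output, so typing its URL directly no longer skips authentication.

```php
<?php
// auth.php (hypothetical name): included by the login handler and by every protected page.
declare(strict_types=1);

// Start the session before any output; keep the cookie away from page scripts
// and refuse session IDs the server did not issue.
session_start(['cookie_httponly' => true, 'use_strict_mode' => true]);

// Constructed sample user store: username => password hash + the one page they may open.
// In a real users file the hash is generated once with password_hash() and saved;
// it is computed inline here only so the example is self-contained.
function user_store(): array {
    return [
        'alice' => [
            'hash' => password_hash('constructed-sample-pw', PASSWORD_DEFAULT),
            'page' => 'page4.php',
        ],
    ];
}

// Called by the authentication page (Page 2 in the thread) with the submitted form values.
function login(string $user, string $password): bool {
    $users = user_store();
    if (!isset($users[$user]) || !password_verify($password, $users[$user]['hash'])) {
        return false;
    }
    session_regenerate_id(true);        // fresh session ID after login (blocks session fixation)
    $_SESSION['user'] = $user;          // server-side state; the browser only holds the ID
    $_SESSION['page'] = $users[$user]['page'];
    return true;
}

// Called at the top of every protected page, before any HTML is sent.
function require_login(string $thisPage): void {
    if (!isset($_SESSION['user'])) {
        header('Location: login.php');  // not logged in: a directly typed URL ends up here
        exit;
    }
    if ($_SESSION['page'] !== $thisPage) {
        http_response_code(403);        // logged in, but this page belongs to another user
        exit('Forbidden');
    }
}

// Usage at the top of page4.php:
//   require 'auth.php';
//   require_login(basename(__FILE__));
```

Because the check reads session state held on the server rather than the `Referer` header, edits submitted from within the page keep working for the logged-in user.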

