If the page they type on the URL is available it will be displayed. Security is the remit of the web server not (realy) PHP. However what i do is have a is_logged_in function which uses session varable. Something like if ( is_logged_in() ) { ... do stuff .... } esle { display_error( 'sod off, you ant logged in!'); } Better still the is_logged_in in function could display the error message and you would not need the else. To extend this you could implenent user levels. Punter could be 0, Administrater 5 and Superuser 9. You could then pass this torough to the function. So is_logged_in 5 would return true if user was at least of level 5 (allowing levels 5,6,7,8,9 access). For pages for punters wjo must be logged in use is_logged_in(). Regards, Ben "Seb Frost" <[EMAIL PROTECTED]> on 13/09/2001 11:36:54 To: <[EMAIL PROTECTED]> cc: Subject: [PHP] URL security...? ok I know if I have a URL like /images/$fileName then someone could be malicious by using ".." to get to the root directory. What I want to know is, if a URL absolutely starts with /images/ on my website, is there someway that someone can modify the remainder of the path such that it actually goes to a different website? Do you see what I'm saying? cheers, - seb frost -----Original Message----- From: GaM3R [mailto:[EMAIL PROTECTED]] Sent: 13 September 2001 09:39 To: [EMAIL PROTECTED] Subject: [PHP] help!!! Cannot load /usr/local/apache_adserv/libexec/libphp4.so into server: /usr/local/apache_adserv/libexec/libphp4.so: Undefined symbol "mpz_add_ui" . . . configure line of ./configure '--with-apxs=/usr/local/apache_adserv/bin/apxs' '--with-mysql=/usr/local' '--enable-versioning' '--enable-inline-optimization' '--with-gd=/usr/local' '--with-pgsql=/usr/local/pgsql' --enable-apc --with-gmp --with-config-file-p ath=/usr/local/apache_adserv/php.ini Cameron outworld.cx --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.277 / Virus Database: 146 - Release Date: 05/09/2001 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.277 / Virus Database: 146 - Release Date: 05/09/2001 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]