Sorry, finder troble.  The message should read:-

If the page they type on the URL is available it will be displayed.
Security is the remit of the web server not (realy) PHP.  However what i do
is have a is_logged_in function which uses session varable.  Something like

if ( is_logged_in() ) {
  do stuff
} esle {
  display_error( 'sod off, you ant logged in!');

Better still the is_logged_in in function could display the error message
and you would not need the else.

To extend this you could implenent user levels.  Punter could be 0,
Administrater 5 and Superuser 9.  You could then pass this torough to the
function.  So is_logged_in(5) would return true if user was at least of
level 5 (allowing levels 5,6,7,8,9 access).  For pages for punters who must
be logged in use is_logged_in(0).


[EMAIL PROTECTED] on 13/09/2001 12:53:48

Subject:  Re: [PHP] URL security...?

"Seb Frost" <[EMAIL PROTECTED]> on 13/09/2001 11:36:54

Subject:  [PHP] URL security...?

ok I know if I have a URL like /images/$fileName then someone could be
malicious by using ".." to get to the root directory.

What I want to know is, if a URL absolutely starts with /images/ on my
website, is there someway that someone can modify the remainder of the path
such that it actually goes to a different website?  Do you see what I'm


- seb frost

-----Original Message-----
From: GaM3R [mailto:[EMAIL PROTECTED]]
Sent: 13 September 2001 09:39
Subject: [PHP] help!!!

Cannot load /usr/local/apache_adserv/libexec/ into server:
/usr/local/apache_adserv/libexec/ Undefined symbol "mpz_add_ui"

. . . configure line of

./configure '--with-apxs=/usr/local/apache_adserv/bin/apxs'
'--with-mysql=/usr/local' '--enable-versioning'
'--enable-inline-optimization' '--with-gd=/usr/local'
'--with-pgsql=/usr/local/pgsql' --enable-apc --with-gmp


Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (
Version: 6.0.277 / Virus Database: 146 - Release Date: 05/09/2001

Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (
Version: 6.0.277 / Virus Database: 146 - Release Date: 05/09/2001

PHP General Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

PHP General Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

PHP General Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to