Correction:
Inside X.php, you have some authentication code. Maybe something simple as:
<?
if (!$valid) {
// redirect to story.php?storynum=X
}
// rest of article follows
?>
-Ben
-----Original Message-----
From: Benjamin Munoz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 16, 2001 4:20 PM
To: 'Miles Thompson'; [EMAIL PROTECTED]
Subject: RE: [PHP] How to keep unauthorized viewers out
Miles,
If you can save 2.htm as 2.php, use some authentication code.
Story.php becomes
<?
include "auth.inc";
include "header.inc";
include $storynum.".php";
include "footer.inc";
?>
Inside X.php, you have some authentication code. Maybe something simple as:
<?
if ($valid) {
// redirect to story.php?storynum=X
}
// rest of article follows
?>
Inside story.php, set $valid to true
<?
$valid = TRUE;
?>
Now accessing 2.php directly means that $valid is valid and you'll be
redirected to story.php.
Another option is to place all stories x.php into a story directory and
restrict access to this directory using Apache configuration directives.
-Ben
-----Original Message-----
From: Miles Thompson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 16, 2001 3:49 PM
To: [EMAIL PROTECTED]
Subject: [PHP] How to keep unauthorized viewers out
I'm using a pretty simple linking system for a subscription-based
newsletter site.
Stories and articles are in straight html files, reached by links from the
front page. Clicking on a link passes a story number. So the second story
on the index page would have this link: <A HREF="./story.php?storynum=2">
and story.php consists of just these lines:
<? include "auth.inc" ;
include "header.inc" ;
include $storynum.".htm" ;
include "footer.inc" ;
?>
If someone comes in the "right way", through the index page, they will have
to be authenticated, then the header, article and page footer are displayed.
There's nothing, however, to stop someone from typing an URL like this:
http://www.somepub.ca/2.htm and seeing the article. I assume they could
also come in that way via a search engine.
Any suggestions on how to stop that? Resources I should look at? I do want
to keep the stories in straight html as the editor is struggling now with
basic layout, etc.
Regards - Miles Thompson
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
