RE: [PHP] How to keep unauthorized viewers out

Tue, 16 Jan 2001 18:07:33 -0800 

A dummy idea:

in story.php you put a key in:

<? include "auth.inc" ;
include "header.inc" ;
unset($key);
$key = 'BHEKFBSA"IjsjbdshlycgewypH:*:YEWCnbms';
include $storynum.".htm" ;
include "footer.inc" ;
?>

then key.php will have this:
if($key != 'BHEKFBSA"IjsjbdshlycgewypH:*:YEWCnbms';) Exit;

then in every file you wish to protect include key.php and the articles will
show up only in case it was included, or someone knew what to type in the
URL...

another idea, might not be suitable for you, but would be much smarter:
is to pass-protect the directory with articles (it HAS to be a different
directory from the story.php)
the article will then be still shown under the password or when only
included by PHP...

there's a whole bunch of ways to do what you're asking ...

Cheers,
Maxim Maletsky ..

-----Original Message-----
From: Miles Thompson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 17, 2001 8:49 AM
To: [EMAIL PROTECTED]
Subject: [PHP] How to keep unauthorized viewers out


I'm using a pretty simple linking system for a subscription-based 
newsletter site.

Stories and articles are in straight html files, reached by links from the 
front page. Clicking on a link passes a story number. So the second story 
on the index page would have this link: <A HREF="./story.php?storynum=2">

and story.php consists of just these lines:

<? include "auth.inc" ;
include "header.inc" ;
include $storynum.".htm" ;
include "footer.inc" ;
?>

If someone comes in the "right way", through the index page, they will have 
to be authenticated, then the header, article and page footer are displayed.

There's nothing, however, to stop someone from typing an URL like this:
http://www.somepub.ca/2.htm and seeing the article. I assume they could 
also come in that way via a search engine.

Any suggestions on how to stop that? Resources I should look at? I do want 
to keep the stories in straight html as the editor is struggling now with 
basic layout, etc.

Regards - Miles Thompson



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to