  1. #1
    Junior Member
    Join Date
    Dec 2008
    Posts
    11
    Member #
    17847
    Hi all,
    I have developed an internal website for my school but have a question on security.

    One of the pages on the site requires a username and password to gain access to the next page (I will call it the blocked page here), which only certain staff can access. The login functionality works fine. However, a user can gain access to the blocked page without the username and password by just typing in the URL to that page. The blocked page name can be found in the source code of the login page.

    This is the code I'm calling in the login page:

    <form name="form1" onsubmit="return validateFormOnSubmit(this)" action="blocked_Page.html" method="get">

    Can anyone tell me how I can make this more secure so that staff who should not have access to the blocked page cannot browse to it so easily?

    Thanks in advance

    cc30

  3. #2
    Senior Member
    Join Date
    May 2003
    Location
    UK
    Posts
    2,354
    Member #
    1326
    Do you have any server side languages installed on your school server? It sounds like an Intranet to me.

    If you do, what you can do is create a session variable(s) when the user enters the correct credentials. Your form tag would look something like this:

    HTML Code:
    <form action="blocked_page.php" method="post">
    Now on blocked_page.php you would check the values of the data the user entered and, if it is correct, set a session variable (so that if a user goes from blocked_page.php to anyotherpage.php they can come back to blocked_page.php without being told to log in again).

    Then, further down the page in blocked_page.php you will check for the existence of a session variable and if so: display the sensitive data.

    Before we can offer you any more advice we need to know if your web host/server supports any technologies, such as PHP, ASP or Perl.

  4. #3
    Member
    Join Date
    Feb 2010
    Posts
    81
    Member #
    21154
    Use cookies!!
    Set the system to create a cookie if login is successful. The cookie is saved on the user's computer and then only they can access the page.

    Then on the pages that you want to only be available to logged in users do this:
    PHP Code:
    <?php
    session_start();
    if (!isset($_SESSION['REPLACE THIS TEXT WITH THE COOKIENAME']))
    {
        die("Please Login Or Register to View this Page!");
    }
    ?>
    Then after this continue with your content as normal or as I like to do, place this php code within the content so it doesn't look out of place.

    I had to make a system similar to this for my school too so that's where I got this from.

  5. #4
    Junior Member
    Join Date
    Feb 2010
    Location
    3 Locust Street, Suite A Assonet, MA 02702
    Posts
    6
    Member #
    21118
    I think you should read this article. It would provide some kind of help to you.

    http://info.ssl.com/article.aspx?id=10068
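
The server-side check described in replies #2 and #3, as an added example that is not part of any post in the thread: one `blocked_page.php` that verifies the POSTed credentials, sets a session variable, and refuses every request that lacks it, including a URL typed straight into the browser. The `$staff` array, the `username`/`password` field names and the `staff_user` session key are assumptions made for the illustration.

```php
<?php
// blocked_page.php (added example; account data and names are hypothetical)

// Constructed sample account store: username => password hash.
// A real site would load stored hashes (created with password_hash()) from a database.
$staff = [
    'jsmith' => password_hash('example-only-password', PASSWORD_DEFAULT),
];

// Keep the session cookie away from page scripts and cross-site requests.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();

// Step 1: the login form POSTs here, so check the submitted credentials
// on the server. Nothing the browser validated is trusted.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $user = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $pass = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

    if (isset($staff[$user]) && password_verify($pass, $staff[$user])) {
        session_regenerate_id(true);      // issue a fresh session ID after login
        $_SESSION['staff_user'] = $user;  // marks this session as logged in
    }
}

// Step 2: every request must pass this check before any content is sent.
// A visitor who only knows the page name has no session variable and stops here.
if (!isset($_SESSION['staff_user'])) {
    http_response_code(403);
    die('Please log in to view this page.');
}
?>
<!DOCTYPE html>
<html>
<body>
  <p>Welcome, <?= htmlspecialchars($_SESSION['staff_user'], ENT_QUOTES, 'UTF-8') ?>.</p>
  <!-- protected content goes here -->
</body>
</html>
```

The page has to be served as PHP rather than static `.html` for the check to run, and the form should use `method="post"` so the password does not end up in the URL.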

