Hi
I've started making a guestbook and want to add an admin CP. Here is the relevant code.
PHP Code:
    // Prints the admin frameset; called once the login has passed.
    function Show_Content()
    {
        session_start();
        print "<html>
    <head><title>Guestbook Administration </title></head>
    <frameset cols='185, *' frameborder='no' border='0' framespacing='0'>
    <frame name='menu' noresize scrolling='auto' src='?CODE=02&act=menu'>
    <frame name='body' noresize scrolling='auto' src='?CODE=02&act=$index'>
    </frameset>
    </html>";
    }

    // Called for CODE=02; picks the function to show from the 'act' query value.
    function Show_Pages()
    {
        global $act, $CODE;
        session_start();
        $choice = array
        (
            "idx" => "idx",
            "menu" => "menu"
        );
        if ($choice[$_GET['act']] == 'idx' || $_GET['act'] == 'index')
        {
            Display_Content();
        }
        else if ($choice[$_GET['act']] == "menu")
        {
            Admin_Menu();
        }
        else
        {
            print "why the heck is this here??";
            Do_Login();
        }
    }
OK, before I ask the questions, let me just say this: Display_Content() and Admin_Menu() have just 2 lines, session_start(); and a print statement (for now).
As you can see, Show_Content() is called once the login has passed, and Show_Content() calls a framed page. Since I don't want to load pages as such (I want to load functions in the frames), I use the ?CODE=02&act=menu/index
At the top of the script is a switch statement which basically calls Show_Pages() when it reads 02 from the URL. Using the 2nd query, the right function is shown.
All this works so far, except for a hitch. Even though I don't log in, I can directly access the URLs ...CODE=02&act=menu
Obviously this is not right. How do I make sure that the URL can't be accessed unless the session is active? I'm not using cookies and it's kinda getting confused. How do I verify EACH time the user clicks on the link that he is who he says he is?
I've not posted the login code because I don't want to confuse anyone. But if you think it'd help I'll post it.
Thanks
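
One way to do the per-request check asked about above, as an added example that is not part of the original post: a login flag kept server-side in `$_SESSION` is tested before the `act` value is allowed to select a function. `Ensure_Session()`, `Mark_Logged_In()`, `Require_Login()`, `Dispatch_Admin()`, the session keys and the 15-minute idle limit are assumptions, since the login code is not shown; the switch at the top of the script would call `Dispatch_Admin()` for `CODE=02`.

```php
<?php
// Added example, not the poster's code. Hypothetical names: Ensure_Session(),
// Mark_Logged_In(), Require_Login(), Dispatch_Admin(), and the $_SESSION keys.
const ADMIN_IDLE_LIMIT = 900; // assumed idle timeout in seconds

function Ensure_Session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); }
}

// Call once, right after the login code has verified the password.
function Mark_Logged_In(string $username): void
{
    Ensure_Session();
    session_regenerate_id(true);          // fresh session ID at login
    $_SESSION['admin_user'] = $username;  // stored server-side only
    $_SESSION['last_seen']  = time();
}

// True only when this request belongs to a logged-in, non-idle session.
function Require_Login(): bool
{
    Ensure_Session();
    $seen = $_SESSION['last_seen'] ?? 0;
    if (!isset($_SESSION['admin_user']) || time() - $seen > ADMIN_IDLE_LIMIT) {
        $_SESSION = [];                   // discard stale login state
        return false;
    }
    $_SESSION['last_seen'] = time();      // sliding expiry
    return true;
}

// Handler for CODE=02: the login check runs before any page function is chosen.
function Dispatch_Admin(): void
{
    if (!Require_Login()) {
        Do_Login();                       // the poster's login function
        return;
    }
    $pages = ['idx' => 'Display_Content', 'index' => 'Display_Content', 'menu' => 'Admin_Menu'];
    $act   = $_GET['act'] ?? 'idx';
    $page  = (is_string($act) && isset($pages[$act])) ? $pages[$act] : 'Display_Content';
    $page();
}

// Stand-ins so this file runs alone; remove them when pasting into the real script.
function Do_Login(): void        { print "login form\n"; }
function Display_Content(): void { print "content\n"; }
function Admin_Menu(): void      { print "menu\n"; }
```

Each frame's `src` is fetched as its own request, so `act=menu` and the body frame both pass through `Require_Login()` independently, and a direct hit on either URL without a logged-in session lands on the login form.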