Jump to content

Advice on best method ?

Zola

By Zola
in PHP Coding Help

 Share

Recommended Posts

Zola Member

Zola

Posted
Posted

I have a restricted page for members of a website. This restricted area is within a directory called 'download.'

 

There is a login form on two pages (home and support pages, found in the main menu). These pages are on the site root directory. When the user successfully logs in they are taken inside the download directory to index.php.

 

This index.php has a different look to the site root design. I have since redesigned this page to have the same structure as the site root pages.

 

I would love for the user to able to navigate around the main site if they wanted, and when they clicked support in the menu they would have all the download files there on the page, instead of a login form.

 

My question is how would I implement this login so that when the user logs in the support page changes from the login page to the page with the files.

 

I don't want to to duplicate the site within the download directory, I was hoping for an efficient method, but I am unsure how to go about it. 

 

 

 

 

 

Link to comment
Share on other sites
sunfighter Newbie

sunfighter

Posted
Posted

when a user signs in look up to see if they have download rights. In the menu php do an IF on that to put the menu item in that goes to the download page. Now only people that can download can get there.

 

More = Make a folder called secret and have the button go there. Have the index file check for a cookie and if they do then send them to the download page. Do this in php.

 

cookie = use a stange name for this like 'favorites' and have the code be something close to what the non downloaders will get. Like: @GFegcAbc for non and @GFeccAbc for people that can.

Link to comment
Share on other sites
Psycho Prolific Member

Psycho

Posted
Posted

when a user signs in look up to see if they have download rights. In the menu php do an IF on that to put the menu item in that goes to the download page. Now only people that can download can get there.

 

More = Make a folder called secret and have the button go there. Have the index file check for a cookie and if they do then send them to the download page. Do this in php.

 

cookie = use a stange name for this like 'favorites' and have the code be something close to what the non downloaders will get. Like: @GFegcAbc for non and @GFeccAbc for people that can.

 

Sorry, but absolutely don't follow that advice. Security should never be achieved through obfuscation. And, cookies is a bad choice since they can be modified by the users. The solution is simple. Whenever someone logs in simply set a session variable. Then you would use that value for two things:

 

1. On the menus/links you display you would use that value to determine whether you will display the links to the download page

2. On accessing the download page you would check if the session value is set. If yes, show the download content. If no, then show the login page.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.