By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
438,521 Members | 1,460 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 438,521 IT Pros & Developers. It's quick & easy.

Sessions, authentication, files and functions...

P: n/a
Hi...

I'm writing a website builder. There are two 'halves' of it, codewise: The
admin pages and the public pages. I intend to use sessions to hold
information about validated users (to modify page content you'll have to
provide a valid user/pass) to control access to certain files. Or possibly
functions....

I'm writing a class for each different 'type' of page. (article, journal,
gallery etc etc) However... there are two parts for the class. On the admin
side, I want to keep all the functions and processes that administer the
pages (such as uploading a new picture, modifying text or deleting whole
sections) secure, so that there's no chance of unauthorised users using some
devious methods to modify the site content. On the public side, there are
functions that display the content on the page. Obviously, everyone needs
access to these public functions. Initially, I was going to write two
classes; a base class and an extended class, but have the extended class
(which would be the one containing the administrative functions) in a
subfolder (/secure or somesuch) and then put my session authentication check
at the beginning of each of the files in this 'secure' folder.

But, after some thinking, I thought about just writing one class, and
instead of putting the session authentication check at the 'file' level,
putting it at the 'function' level, so that unless the user is
authenticated, the function will simply exit (along with some form of
redirection to a login page or whatever).

Would this work? Any opinions would be greatly appreciated : )

Plankmeister.
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.512 / Virus Database: 309 - Release Date: 19/08/2003
Jul 16 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
you need some kind of authentication check in every file that is
publicly available -- even in the ones that are not meant to be called
directly.

On Thu, 28 Aug 2003 17:23:50 +0200, "The Plankmeister"
<plankmeister_NO_@_SPAM_hotmail.com> wrote:
Hi...

I'm writing a website builder. There are two 'halves' of it, codewise: The
admin pages and the public pages. I intend to use sessions to hold
information about validated users (to modify page content you'll have to
provide a valid user/pass) to control access to certain files. Or possibly
functions....

I'm writing a class for each different 'type' of page. (article, journal,
gallery etc etc) However... there are two parts for the class. On the admin
side, I want to keep all the functions and processes that administer the
pages (such as uploading a new picture, modifying text or deleting whole
sections) secure, so that there's no chance of unauthorised users using some
devious methods to modify the site content. On the public side, there are
functions that display the content on the page. Obviously, everyone needs
access to these public functions. Initially, I was going to write two
classes; a base class and an extended class, but have the extended class
(which would be the one containing the administrative functions) in a
subfolder (/secure or somesuch) and then put my session authentication check
at the beginning of each of the files in this 'secure' folder.

But, after some thinking, I thought about just writing one class, and
instead of putting the session authentication check at the 'file' level,
putting it at the 'function' level, so that unless the user is
authenticated, the function will simply exit (along with some form of
redirection to a login page or whatever).

Would this work? Any opinions would be greatly appreciated : )

Plankmeister.
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.512 / Virus Database: 309 - Release Date: 19/08/2003


Jul 16 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.