Sessions, authentication, files and functions...

Hi...

I'm writing a website builder. There are two 'halves' of it, codewise: The
admin pages and the public pages. I intend to use sessions to hold
information about validated users (to modify page content you'll have to
provide a valid user/pass) to control access to certain files. Or possibly
functions....

I'm writing a class for each different 'type' of page. (article, journal,
gallery etc etc) However... there are two parts for the class. On the admin
side, I want to keep all the functions and processes that administer the
pages (such as uploading a new picture, modifying text or deleting whole
sections) secure, so that there's no chance of unauthorised users using some
devious methods to modify the site content. On the public side, there are
functions that display the content on the page. Obviously, everyone needs
access to these public functions. Initially, I was going to write two
classes; a base class and an extended class, but have the extended class
(which would be the one containing the administrative functions) in a
subfolder (/secure or somesuch) and then put my session authentication check
at the beginning of each of the files in this 'secure' folder.

But, after some thinking, I thought about just writing one class, and
instead of putting the session authentication check at the 'file' level,
putting it at the 'function' level, so that unless the user is
authenticated, the function will simply exit (along with some form of
redirection to a login page or whatever).

Would this work? Any opinions would be greatly appreciated : )

Plankmeister.
Jul 16 '05 #1
You need some kind of authentication check in every file that is
publicly available -- even in the ones that are not meant to be called
directly.

On Thu, 28 Aug 2003 17:23:50 +0200, "The Plankmeister"
<plankmeister_NO_@_SPAM_hotmail.com> wrote:
> Hi...
>
> I'm writing a website builder. There are two 'halves' of it, codewise: The
> admin pages and the public pages. I intend to use sessions to hold
> information about validated users (to modify page content you'll have to
> provide a valid user/pass) to control access to certain files. Or possibly
> functions....
>
> I'm writing a class for each different 'type' of page. (article, journal,
> gallery etc etc) However... there are two parts for the class. On the admin
> side, I want to keep all the functions and processes that administer the
> pages (such as uploading a new picture, modifying text or deleting whole
> sections) secure, so that there's no chance of unauthorised users using some
> devious methods to modify the site content. On the public side, there are
> functions that display the content on the page. Obviously, everyone needs
> access to these public functions. Initially, I was going to write two
> classes; a base class and an extended class, but have the extended class
> (which would be the one containing the administrative functions) in a
> subfolder (/secure or somesuch) and then put my session authentication check
> at the beginning of each of the files in this 'secure' folder.
>
> But, after some thinking, I thought about just writing one class, and
> instead of putting the session authentication check at the 'file' level,
> putting it at the 'function' level, so that unless the user is
> authenticated, the function will simply exit (along with some form of
> redirection to a login page or whatever).
>
> Would this work? Any opinions would be greatly appreciated : )
>
> Plankmeister.
Jul 16 '05 #2
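
The function-level check asked about in the question, combined with the per-file check recommended in the reply, as an added example that is not code from either poster. It assumes PHP 8; every name in it (`requireAdmin`, `ArticlePage`, `NotAuthenticated`, the `is_admin` session key, `/login.php`) is hypothetical.

```php
<?php
// Added example: requireAdmin, ArticlePage, NotAuthenticated, the 'is_admin'
// session key and /login.php are hypothetical names, not from the thread.
declare(strict_types=1);

final class NotAuthenticated extends RuntimeException {}

// Single choke point for the session check. It throws instead of returning
// false, so a caller that forgets to test a return value still fails closed.
function requireAdmin(array $session): void
{
    if (($session['is_admin'] ?? false) !== true) {
        throw new NotAuthenticated('admin session required');
    }
}

// File level, per the reply: every web-reachable admin script, including
// ones only meant to be include()d, would begin with
//   session_start(); requireAdmin($_SESSION);

final class ArticlePage
{
    public function __construct(private array $session, private string $body) {}

    // Public half: no check, anyone may render the (escaped) content.
    public function render(): string
    {
        return htmlspecialchars($this->body, ENT_QUOTES, 'UTF-8');
    }

    // Admin half: the guard is the first statement of every mutating method.
    public function updateBody(string $newBody): void
    {
        requireAdmin($this->session);
        $this->body = $newBody;
    }
}

// Constructed sessions standing in for $_SESSION after session_start().
foreach ([[], ['is_admin' => true]] as $session) {
    $page = new ArticlePage($session, 'original <b>text</b>');
    try {
        $page->updateBody('edited text');
    } catch (NotAuthenticated $e) {
        // In a real request: header('Location: /login.php'); exit;
    }
    echo $page->render(), PHP_EOL;
}
```

With the empty session the update is rejected and the original body is rendered; with the admin session the edit is applied.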
