473,513 Members | 2,601 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

need help with user authentication routine

I am trying to develop a simple user authentication routine.

I started with something I got from a book called "PHP in Easy Steps."
It works like this:

- create a table in a database with basic user information: name,
login, password
- create a simple html form which loads "authenticate.php" when the
submit button is pushed.
- autheticate.php checks the login against the database, and loads the
next file, if the user is authenticated.

I have all that working. The problem, if you haven't guessed, is that
somebody can bypass the entire thing, if that person the the file(s)
that are loaded after the authetication. i.e.

http://urlname/sensitivedata.html

So how do I fix this? Cookies? Can I check if the user is authenticated
in each subsequent file that might be loaded?

Apr 12 '06 #1
1 1484
>I am trying to develop a simple user authentication routine.

I started with something I got from a book called "PHP in Easy Steps."
It works like this:

- create a table in a database with basic user information: name,
login, password
- create a simple html form which loads "authenticate.php" when the
submit button is pushed.
- autheticate.php checks the login against the database, and loads the
next file, if the user is authenticated.

I have all that working. The problem, if you haven't guessed, is that
somebody can bypass the entire thing, if that person the the file(s)
that are loaded after the authetication. i.e.
(1) Make sure that there *is* no next file. (Put it in *this* file).
(2) If there is a next file, make sure it has no URL (it's outside
the document tree).

Often, every file to be protected would include "authenticate.php"
up front. Sometimes it is useful, after successful authentication,
to output a Content-type header followed by fpassthru() called on
a file outside the document tree (this is one way to protect images or
files to be downloaded).

Whether or not you do full authentication each time or if you leave behind
a cookie or session variable which is checked later is up to you.
http://urlname/sensitivedata.html

So how do I fix this? Cookies? Can I check if the user is authenticated
in each subsequent file that might be loaded?


Gordon L. Burditt
Apr 13 '06 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
2
1651
problem with authentication routine
by: Alliss | last post by:
The code below comes from a Webmonkey tutorial ( with a couple of modifications tagged by // which I do not think are relevant) I cannot get it to work. Any help would be appreciated. The php...
PHP
1
2111
Need to Change Developers Acct to Windows Authentication
by: sherkozmo | last post by:
I have my SQL 7.0 server set for Mixed security. I see now (finally) the advantages of having windows authentication security for windows groups. I do most of my developing in Access Projects...
Microsoft SQL Server
12
10764
Problem with WWW-Authenticate HTTP header
by: Ian | last post by:
I'm hoping someome more knowledgeable than I can help me with a problem I'm having. I have been writing a system using PHP and MySQL and had it running for testing purposes on my own pc which is...
HTML / CSS
9
1958
Need to pass information into a web page.
by: Paul | last post by:
What I am trying to do is as follows. I have a page with 3 links,that direct the user to 3 different pages when selected after login. So all link selections will first direct the user to a login...
ASP.NET
2
2884
Urgent - need help with logging anonymous and Active Dir users without login form
by: pv | last post by:
Hi everyone, I need help with following scenario, please: Users are accessing same web server from intranet (users previously authenticated in Active Dir) and from extranet (common public...
ASP.NET
1
1411
Authentication in ASP.NET. Need an opinion.
by: Shapper | last post by:
Hello, I am developing a web site where half of the pages are public and the other half are accessible only to registered users. The pages which are accessible only to registered users have...
ASP.NET
3
1735
Authentication in Asp.Net 2.0. Please, I need help. Thank You.
by: Miguel Dias Moura | last post by:
Hello, I am working on an Asp.Net 2.0 / SQL 2005 web project where: 1. All users must login. 2. There will be two user types: student and professor. The students and professors are not related....
ASP.NET
1
280
need help with user authentication routine
by: walterbyrd | last post by:
I am trying to develop a simple user authentication routine. I started with something I got from a book called "PHP in Easy Steps." It works like this: - create a table in a database with...
PHP
1
2253
need alt. Session auth. (.htaccess php_value)
by: awebguynow | last post by:
My shared-host doesn't allow php_value directives in .htaccess I was using an "auto_prepend_file" on my local development machine, that helped me implement a Session based authentication...
PHP
0
7259
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
7158
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
7380
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
7535
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
1
7098
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
7523
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
1
5085
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA
0
3232
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Networking - Hardware / Configuration
0
455
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us