Jump to content

Stopping Html From Being Sent


noan
 Share

Recommended Posts

Hi.I am working on a PHP login script, which is designed to be placed at the top of a HTML page. If the user enters an incorrect password I want the script to stop the server from sending the HTML page to the user (instead i will either insert some sort of dummy page or simply redirect them to an error page). the problem is i can't find a way of stopping the rest of the page from being sent. does anyone know of any function or something that can do this. i know i could place the whole page inside a PHP variable and ECHO it, but i'm writing this for someone else and i want to make it as simple as possible so that it can just be put in the page without any further modification to the code.thanks.

Link to comment
Share on other sites

You could have

<?php//logic codeif ($error) {?><form><!--etc.--></form><?php } ?>

Where $error of course is the error condition.

Link to comment
Share on other sites

Use an if else statement. Example:

$user = $_POST["user"];$pass = $_POST["pass"];if ($user == "Me" && $pass == "You") {header("Location: members.php");}else {echo "HEY BUDDY! DON'T YOU TRY GETTING ACCESS TO MY PAGE!";}

Link to comment
Share on other sites

The more typical plan is to have the login form and the login script contained in the same document. The form submits to itself, and PHP reads the POST variables. It checks them against the registration database.If the login passes, you set a session variable so that all other pages will know that the user is logged in. Then the script redirects to some other page. Every restricted page has a little bit of code that checks for the session variable.If the login fails, you adjust the login page somehow (an embedded message, a red X, something like that) and just reprint it.

Link to comment
Share on other sites

@mencarta - thats fine but then what stops someone from just going straight to members.php and bypassing the access control. i want to place my validation script at the top of each private page (which basically checks a session variable set by the main login page), and only allow the private page to be loaded by the browser if the user is logged in (session variables correct).@boen_robot - i'm not sure if i understand that script. i presume that <!--etc--> is where the private content goes (does it have to be inside <FORM> tags?). or would that be were the error page goes?

Link to comment
Share on other sites

@mencarta - thats fine but then what stops someone from just going straight to members.php and bypassing the access control. i want to place my validation script at the top of each private page (which basically checks a session variable set by the main login page), and only allow the private page to be loaded by the browser if the user is logged in (session variables correct).@boen_robot - i'm not sure if i understand that script. i presume that <!--etc--> is where the private content goes (does it have to be inside <FORM> tags?). or would that be were the error page goes?
on the top of the members page you should have your security stating that you must have a valid session_id to see the page if not return to the login page
Link to comment
Share on other sites

<?php   session_start();   if (!isset($_SESSION['user']) ) {	  header ('Location: login.php');	  exit;   }?>

That's the top of every restricted document. It could be an include file, too, but really this is not a lot of code and its intention is 100% clear. The actual html comes after that.Obviously, this assumes that users have first gone through a login script and that $_SESSION['user'] was set if the login validated.

Edited by Deirdre's Dad
Link to comment
Share on other sites

@deirdre's dad - thanks for that. can i just confirm one thing. say i had this page:

<?php   session_start();   if (!isset($_SESSION['user']) ) {      header ('Location: login.php');      exit;   }?><html><head><title>My Page</title></head><body><p>Some private content...</p></body></html

if the user wasn't logged in, would this script stop the rest of the page (the part between the two HTML tags) from being sent, and send only the redirect header, or would it send the redirect header followed by the rest of the page as normal?

Link to comment
Share on other sites

@boen_robot - i'm not sure if i understand that script. i presume that <!--etc--> is where the private content goes (does it have to be inside <FORM> tags?). or would that be were the error page goes?
"etc." means "and others", "and so on", "more"... in other words - "the rest of your code".What the whole script tries to show is that you can stop PHP at any time by typing "?>", and resume it at a later point with "<?php". Everything you have with PHP "off" is simply being outputted "as is". If you start a condition at some point (as is the case in the sample script), and turn off PHP within the "if" body, you'll only output the HTML if the condition is true.
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...