prevent public access to file

fourcs

My application uses several form action files. I use a login and session variables to make information available among several action files (add/modify/delete actions). I've found that one can avoid login in and go directly to an add/modify/delete action. The resulting action will add records to the record table but won't have a user id that would be obtained by logging in. But the record table volumn can still be affected. I've fooled with file permissions but so far have not been successful. I've tried putting a login snippet on the add/modify/delete files, but that interferes with login user add/modiy/delete action. Any suggestions?😕

sneakyimp

you should edit your add/modify/delete files so that they look at the session variables. If the user is not logged in, they should die and report an error. If the user is logged in, you should set those session vars that the add/modify/delete files are expecting to see.

cam815

If your session handling is in it's own file (e.g. session.inc) you could require( 'session.inc' ); first in each of your form action files and simply have a check within the session.inc file that more or less says:

if( not a valid user ){
header( "Location: http://loginpagetokickthemto" );
}

fourcs

Thanks, Mates, I guess my session variables are out for lunch. Will be trying to get them in order. Thanks for your expeditious replies here🙂