Access only via login and password, Inhibiting direct access via url

Navigation
1

I made an access login system, but I would like the user to be required to log in with the login and password, thus inhibiting direct access via the url.

Anyone can access the page via URL by entering the address. I would like to inhibit this type of access, making the user only access the page via login and password!

I'll be adding the codes created below:

Login Code: 

<?php 
session_start();
$_SESSION['logado'] = 1;
?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><?php include "../conexao.php"; ?>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Painel Adm. - Login</title>
<link href='http://fonts.googleapis.com/css?family=Oswald:400,300,700' rel='stylesheet' type='text/css' />
<link rel="stylesheet" type="text/css" href="css_login/style.css" />
</head>

<body>
<?php
$logotipo = $_POST['logotipo']; 

$query = mysql_query("SELECT * FROM topo");
$res = mysql_fetch_array($query);
?>

<div id="logo" class="form bradius">
<div align="center" class="logo"><img src="../upload/<?php echo $res['logotipo'] ;?>" width="auto" height="58" /></div>
<div class="acomodar">
<form name="enter" method="post" action="" enctype="multipart/form-data">
<label for="login">Login: </label><input id="login" type="text" class="txt bradius" name="login" value="" />
<label for="senha">Senha: </label><input  id="senha" type="password" class="txt bradius" name="senha" value="" />
<input type="submit" class="sb bradius" name="enter" value="Entrar" />
</form>
<?php
if(isset($_POST['enter'])){

$login = $_POST['login'];
$senha = $_POST['senha'];

$query = mysql_query("SELECT * FROM usuario WHERE login = '$login' AND senha = '$senha'");
$conta = mysql_num_rows($query);

if($conta == '0'){
echo "<script language='javascript'>window.alert('Usuario e senha nao corresponde!');</script>";
}else{

while($res = mysql_fetch_array($query)){
$id = $res ['id'];
$nome = $res ['nome'];
$login = $res ['login'];
$senha = $res ['senha'];
$nivel = $res ['nivel'];

if($nivel == 'admin'){
echo "<script language='javascript'>window.location='http://www.buziosnegocios.com.br/admin/painel/index.php?login=$login&senha=$senha';</script>";
}else{
echo "<script language='javascript'>window.alert('Erro ao acessar seu Painel Admin.!');</script>";
}}}}
?>

<!--acomodar-->
</div>
<!--login-->
</div>
</body>
</html>

Page to be inhibited to direct access via URL: 

<?php
session_start();
if (!isset($_SESSION['logado']) || $_SESSION['logado'] !== 1){
header("Location: http://www.buziosnegocios.com.br/admin/index.php");   
} else { 
$username = $_SESSION['user'];
$idusername = $_SESSION['iduser'];
session_destroy();
exit;
}
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Untitled Page</title>
<meta name="generator" content="WYSIWYG Web Builder 10 - http://www.wysiwygwebbuilder.com">
<link href="#.css" rel="stylesheet" type="text/css">
</head>
<body style="
background-color: #FFF;
color: #000000;
font-family: Arial;
font-size: 13px;
margin: 0;
text-align: center;">

<div id="container" style="
background-color: #FF6;
width: 1000px;
position: relative;
margin: 0 auto 0 auto;
text-align: left;">

<br>
Menu
<br>

</div>
</body>
</html>

If friends can help me inhibit direct access via URL, I'll be very grateful.

A BRIGADON to everyone for attention.

    
asked by anonymous 23.06.2015 / 20:30

3 answers

2

If at login you start the session by putting $_SESSION['logado'] = 1 enough you put in a funcoes.php file where your pages will call them, and execute a function for example: 


function validaAcesso($usuario){
   if(empty($usuario)):
      header("Location: http://www.buziosnegocios.com.br/admin/index.php");
   endif;
}

validaAcesso($_SESSION['logado']);

If the session is empty it has not logged in, then redirect it.

You can apply the same idea to the panel's disconnect button 


function desconectar(){
   session_unset();
    header("Location: http://www.buziosnegocios.com.br/admin/index.php");
}

clicked, removed the session and returned to the login, of course there are n ways to do but this gives you a good idea of how to proceed.

    
23.06.2015 / 20:51
0

Friend, this is less so:

Either you do a function that checks whether there is a session with the logged in user, or you include the verification code on every page that you want to access directly.

In logic, you check if the user entered in the form is the same as bd, as is the password as well. If it is true, it creates the session and redirects it to the page to be accessed, if it is false you destroy the session and redirect it to the login page.

I hope I have helped.

if ($ userp == $ user & $ passp == $ pass) {

    $_SESSION['user'] = $userp;
                        $_SESSION['pass'] = $passp;
                        header('Location: inserir.php');
                        exit(); 
                   }else{
                        unset($_SESSION['user']);
                        unset($_SESSION['pass']);
                        header('Location: index.php');
                    exit();

}

    
23.06.2015 / 22:57
0

Hello friends I'm answering my own question, because I was able to solve it with the help of a YouTube tutorial link (Which I would like to share with friends), with some adaptations for my project, and I will publish below the codes that I created for it to work.

Login page: 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><?php include "../conexao.php"; ?>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Painel Adm. - Login</title>
<link href='http://fonts.googleapis.com/css?family=Oswald:400,300,700' rel='stylesheet' type='text/css' />
<link rel="stylesheet" type="text/css" href="css_login/style.css" />
</head>

<body>
<?php
$logotipo = $_POST['logotipo']; 

$query = mysql_query("SELECT * FROM topo");
$res = mysql_fetch_array($query);
?>

<div id="logo" class="form bradius">
<div align="center" class="logo"><img src="../upload/<?php echo  $res['logotipo'] ;?>" width="auto" height="58" /></div>
<div class="acomodar">
<form name="enter" method="post" action="logar.php" enctype="multipart/form-data">
<label for="login">Login: </label><input id="login" type="text" class="txt bradius" name="login" value="" />
<label for="senha">Senha: </label><input  id="senha" type="password" class="txt bradius" name="senha" value="" />
<input type="submit" class="sb bradius" name="enter" value="Entrar" />
</form>
<!--acomodar-->
</div>
<!--login-->
</div>
</body>
</html>

Logar.php page: 

<?php 
session_start();
?>
<?php include "../conexao.php"; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Logando Usuário</title>
<script type="text/javascript">
function logado(){
setTimeout("window.location='painel/index.php'", 5000); 
}

function deslogado(){
setTimeout("window.location='index.php'", 5000);    
}
</script>
</head>
<body>
<?php 
$login = $_POST["login"];
$senha = $_POST["senha"];
$sql = mysql_query("SELECT * FROM usuario WHERE login = '$login' and senha = '$senha'") or die(mysql_error());
$row = mysql_num_rows($sql);
if ($row > 0){
$_SESSION["login"]=$_POST["login"];
$_SESSION["senha"]=$_POST["senha"];
    echo "<script>logado()</script>";
}else{
    echo "<center>Login ou Senha do usuário inválido! Tente Novamente!</center>";
    echo "<script>deslogado()</script>";
}
?>
</body>
</html>

Restricted page.php: 

<?php
session_start();
if(!isset($_SESSION["login"]) || !isset($_SESSION["senha"])){
header("Location: ../index.php");
exit;
}
?>

Logout.php page: 

<?php
session_start();
session_destroy();
header("Location: index.php");
?>

Panel access page index.php: 

<?php include "../restrito.php"; ?>

<?php include "topo.php"; ?>
<?php include "cont.php"; ?>

Remembering to friends that I made the inclusion of the restricted page.php on all the pages that I wish to be restricted to the user with access via login and password, without conditions of accessing them direct via url.

I thank everyone for the attention to my problem, and I hope to help with this solution that I found for the restriction via direct URL access.

Hugs to all.

    
24.06.2015 / 21:49
How to use an API in C ++? Modify variable when clicking javascript and PHP