|
|
Posted by Garry Jones on 10/11/06 20:17
I am allowing a user to access a page if they know the password and enter it
on a form, I process that form with another php page, if its the wrong
password i do not display sensitive information.
However if the user looks in source coude and sees the name of the
processing page he can simply type in that name and get to the page anyway.
Okay - he can not see so much, just a lot of empty fields as I only load
data if pwd check is okay, but its untidy and I want to refuse the user the
page completely if he has not arrived at it in the way intended.
How do I do that?
Garry Jones
Navigation:
[Reply to this message]
|