Posted by Moot on 10/11/06 20:29

Garry Jones wrote:
> I am allowing a user to access a page if they know the password and enter it
> on a form, I process that form with another php page, if its the wrong
> password i do not display sensitive information.
>
> However if the user looks in source coude and sees the name of the
> processing page he can simply type in that name and get to the page anyway.
> Okay - he can not see so much, just a lot of empty fields as I only load
> data if pwd check is okay, but its untidy and I want to refuse the user the
> page completely if he has not arrived at it in the way intended.
>
> How do I do that?
>
> Garry Jones

If the check fails (ex: if the password is wrong, or they navigate
directly to the page), then use header("location: whatever"); to
redirect them immediately to some other page.

[Back to original message]