Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Trying to password protect page and its individual ajax includes. 1

Status
Not open for further replies.

maharg

Technical User
Mar 21, 2002
184
Hi

I have a page which uses sessions for user login, because the pages are commercially sensitive.

At the top of each page I have...

Code:
<?php
session_start();
if (isset($_SESSION['logged']) && $_SESSION['logged'] == 1) {
  //Do Nothing
} else {
  $redirect = $_SERVER['PHP_SELF'];
  header("Refresh: 2; URL=login.php?redirect=$redirect");
  echo "You are being directed to the NPB login page.<br>";
  echo "(If your browser doesn't support this, " .
       "<a href=\"login.php?redirect=$redirect\">click here</a>)";
  die();
}
?>

Now, I also use ajax to pull in some dynamic php page elements, and if you 'view source' of the loaded page, you can see the urls of these dynamic sections in the javascript.

If you open these urls separately , you can view the content of those files.

I tried adding my session code above, to each of these sub-pages, which works, but I get
Notice: A session had already been started - ignoring session_start() in E:\domains\l\london-electronics.com\user\htdocs\NPB\include_authorisation.php on line 2

Any suggestions on how to protect the sub-pages and the overall page? Or can I suppress the above Notice somehow?

Thanks and regards,

Graham

 
Code:
//instead of session_start();
[red]if(session_id() == '') [/red]session_start();

but you should not need to protect 'sub-pages' (I assume these are pages that are 'included' by the main script - they execute within the scope of the main page).
 
No unfortunately they are not php includes, but are ajax sections which have javascript wrappers which reveal the source URL if you want to find it. The Ajax updates the page with info from a separate file - panel1.php = every 5 seconds

You can see this, which reveal panel1.php as a source file when you view source ...

Code:
var jq=jQuery.noConflict();
jq(document).ready(function() {jq("#panel1").load("panel1.php");
var refreshId = setInterval(function() {jq("#panel1").load('panel1.php?randval='+ Math.random());},5000);
jq.ajaxSetup({ cache: false });
}
);
 
jpadie - perfect answer- thank you so much - works exactly as I wished.
 
Hi, you could chmod (change permissions) for the include-files :)

Olav Alexander Mjelde
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top