php - How do I prevent the ability to change the URL and see other users folders -


i have directory of folders , want prevent user named "x" whos files availiable this:reports/x/2015/04/ changing x y , seeing of folers in y. have sessions working need logged in see folders, if logged in x can see y folder changing url. here index.php.

<?php  session_start();  if(!isset($_session['username'])){    header("location:../../../../login/login.php"); }  require_once('../../../config.php'); require_once('../../../boilerplate.php');  global $smarty;  $smarty->display('general-report.tpl');

there's things inherently bad doing way, simplicity's sake, quick fix going checking see if username matches folder name.

so, looking @ code, this.

if ($username == $dir_name) { $smarty->display('general-report.tpl'); } else { $smarty->display('error.tpl'); }

now, why shouldn't doing way...

the logged in username shouldn't visible in url.

you don't want people start sharing usernames around via urls , have mischievous people start brute forcing way login system since know various usernames.

if me, i'd have report urls same , have logged in username determine user's reports show.

that way know it's visible person , if share url somewhere, username won't getting out wild.


Comments

Post a Comment

Popular posts from this blog

android - MPAndroidChart - How to add Annotations or images to the chart -

i working latest mpandroidchart library , looking way add annotations or images clickable. example: once data reaches value event occurs want able display user - there multiple events can occur annotations (not sure if right word) or image added @ point in chart. any pointers welcome. check documentation of yaxis . focus on setspacetop(...) , setaxismaxvalue(...) methods. for background: bar-shadow , disable calling: barchart.setdrawbarshadow(false) or change color: bardataset.setbarshadowcolor(int color)
Read more

javascript - Add class to another page attribute using URL id - Jquery -

i have attached id url. ex: when click link 1 , has #tab-2 id , takes me landing page. in landing page have find element has #tab-2 id have add class .active . i tried no luck. please 1 correct code. thanks js fiddle link html <div class="menu"> <ul> <li><a href="http://jsfiddle.net/gscyoa0j/1/#tab-2">link 1</a></li> <li><a href="http://jsfiddle.net/gscyoa0j/1/#tab-44">link 2</a></li> <li><a href="http://jsfiddle.net/gscyoa0j/1/#tab-74">link 3</a></li> </ul> </div> landing page <div class="tab"> <ul> <li><a id="tab-2" class="active" >link 1 content</a></li> <li><a id="tab-44" >link 2 content</a></li> <li><a id="tab-74" >link 3 content</a></l...
Read more

firefox - Where is 'webgl.osmesalib' parameter? -

i'm trying webgl running on firefox (v37.0.2) via software acceleration mesa. tried following steps have been stated in article: http://www.binarytides.com/enable-webgl-firefox-ubuntu/ however, unable find parameter named ' webgl.osmesalib ' in about:config section? has been removed (or renamed)? if yes, how should instruct firefox use mesa's software acceleration webgl? looks support osmesa removed in favour llvmpipe.
Read more