I am new to php, and I want to know if it is safe to do it like this...
I currently have a login system to protect a few pages.
- Is it possible for a hacker to change the value of $logged_in?
- Is this safe?
- If it isn't. what is the best way to do it?
Files:
- not_logged_in.php
- test.php
- login.php
- logout.php
- protected_page_1
- protected_page_2
- unprotected_page_1
Code:
not_logged_in.php:
<html>
You are not logged in!
</html>
test.php:
<?php
$logged_in = false;
function protect_page() {
if($logged_in == false) {
header('Location: index.php');
exit();
}
}
?>
login.php:
<?php
include "test.php";
$logged_in = true;
?>
logout.php:
<?php
include "test.php";
$logged_in = false;
?>
protected_page_1.php:
<?php
include "test.php";
protect_page();
?>
<html>
Content
</html>
protected_page_2:
<?php
include "test.php";
protect_page();
?>
<html>
Content
</html>
unprotected_page_1:
<html>
Content
</html>
I completely understand that the login.php page just logs in and you don't have to give in a password, but that is just for testing currently...
Thanks for reading!