I wrote this script in an effort to help avoid the "security by obscurity" issue. You see...even though log in scripts require you enter a name and password in order to view a particular resource once the location of the resource is known the visitor can bypass the normal log in procedure and just go straight to the "secure" page. How the script works:
1) When the user logs in and his username and password have been verified his username is logged to a file then he is redirected to the "secure" page.
2) As soon as the "secure" page loads it opens the log file to see if a valid user name is found. If so it will erase the log and then display the protected page content. The reason the script wipes the log clear is so no one (including the original visitor) can access the page again without re-logging on.
3) If someone tries to go directly to the "secure" page without signing in the script will read an empty log and display an error to the visitor. *NOTE: The user.log file will have to have read/write permissions in order to work.
( 1 vote )
Member Rating:
Be the first to 
