Problems with a password controlled website

I have designed a Membership only web site, the entry for which, is password controlled in generic form, i.e. "renovate" or whatever allows any Member to access the website However I have found two weaknesses.

Firstly
If someone genuinally enters the web site, using the password "renovate", and then saves a particular url that they visited e.g. www.domain.com/second-page.html into their favourites, they can, in future, access the web site directly by visiting their Favourite links and selecting that hyperlink. I really want them to log in properly EACH time.

Secondly

The website has around 300 pages and has been optimised. Therefore most of the web pages can be found in the likes e.g. Google etc by typing in a particular search term. If browsers then click on the Search Engine hyperlink, the appropariate page of course displays, permitting NON MEMBERS to enter the web site proper. To access a singular page, in this manner, is not a concern to me, however I want to stop them from proceeding further to examine other pages by use of the menu.

I am relatively new to PHP and am struggling to find any assistance whatsoever in books etc. It is as though this problem has never been encoutered before. I am sure that is not true.

I appreciate that part of the answer could be to allow Members to access the website by individual password allocation, but I do not have email addresses for all the Members which would make that rather difficult.

Any asssistance would be greatly appreciated.

Regards

Cheyanne

Comments

  • : I have designed a Membership only web site, the entry for which, is
    : password controlled in generic form, i.e. "renovate" or whatever
    : allows any Member to access the website However I have found two
    : weaknesses.
    :
    : Firstly
    : If someone genuinally enters the web site, using the password
    : "renovate", and then saves a particular url that they visited e.g.
    : www.domain.com/second-page.html into their favourites, they can, in
    : future, access the web site directly by visiting their Favourite
    : links and selecting that hyperlink. I really want them to log in
    : properly EACH time.
    :
    : Secondly
    :
    : The website has around 300 pages and has been optimised. Therefore
    : most of the web pages can be found in the likes e.g. Google etc by
    : typing in a particular search term. If browsers then click on the
    : Search Engine hyperlink, the appropariate page of course displays,
    : permitting NON MEMBERS to enter the web site proper. To access a
    : singular page, in this manner, is not a concern to me, however I
    : want to stop them from proceeding further to examine other pages by
    : use of the menu.
    :
    : I am relatively new to PHP and am struggling to find any assistance
    : whatsoever in books etc. It is as though this problem has never been
    : encoutered before. I am sure that is not true.
    :
    : I appreciate that part of the answer could be to allow Members to
    : access the website by individual password allocation, but I do not
    : have email addresses for all the Members which would make that
    : rather difficult.
    :
    : Any asssistance would be greatly appreciated.
    :
    : Regards
    :
    : Cheyanne
    :
    :
    You should use a security realm for this. Most webservers have various ways of defining security realms and control the access to it. Even when a link is bookmarked (or added to google) people cannot enter it if they cannot enter the realm to which it belongs.
    For more info on this for the Apache webserver: http://httpd.apache.org/docs/2.2/howto/auth.html
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Categories

In this Discussion