user2768251

Reputation: 27

Getting access to the protected page when I shouldn't

Ok, so my problem is that I have a page which requires $_SESSION['loggedIn'] to be true, and if it's not, then I'm redirecting to the login page. Everything works fine, except that when I tried to get access to this page with the simplest cURL:

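    // Request the protected page without sending any session cookie.
    $url2 = 'http://localhost/page/which/requires/session_variable';

    $ch = curl_init($url2);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false); // do not follow the redirect to the login page
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);  // return the body instead of printing it
    $result = curl_exec($ch);
    curl_close($ch);
    echo $result;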

I got the content of the page. How can I fix that?

Upvotes: 0

Views: 77

Answers (1)

Maxim Kumpan

Reputation: 2625

CURL will ignore the header directive and move on if the script doesn't stop at that stage.

Return a 403 Forbidden as an else clause and die() or exit() immediately afterwards, after failing the isLoggedIn check, and CURL will no longer get access.

Upvotes: 1
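A guard for the protected page that stops execution after the failed check, written as an added example (not the asker's or the answerer's code). The `requireLogin` helper, the `/login.php` URL and the page body are assumptions; `$_SESSION['loggedIn']` is the flag from the question.

```php
<?php
// Added example, not the asker's code. '/login.php' and the page body
// are assumptions; $_SESSION['loggedIn'] is the flag from the question.
declare(strict_types=1);

session_start();

/**
 * Halt the request unless the session is marked as logged in.
 *
 * header() only queues a response header. PHP keeps executing the rest
 * of the script, so the exit below is what actually protects the page.
 */
function requireLogin(string $loginUrl): void
{
    if (!empty($_SESSION['loggedIn'])) {
        return; // authenticated: let the page render
    }

    $accept = $_SERVER['HTTP_ACCEPT'] ?? '';
    if (stripos($accept, 'text/html') !== false) {
        // Browsers: send them to the login form.
        header('Location: ' . $loginUrl, true, 302);
    } else {
        // Scripts and API clients: plain refusal, as the answer suggests.
        http_response_code(403);
    }
    exit; // nothing after this line is sent to an unauthenticated client
}

// Form that leaks the page (for comparison, left commented out):
// if (empty($_SESSION['loggedIn'])) {
//     header('Location: /login.php');
//     // no exit here, so the protected markup below is still emitted
// }

requireLogin('/login.php');

// Reached only when $_SESSION['loggedIn'] is set and truthy.
echo '<h1>Protected page</h1>';
```

Repeating the question's cURL request against this page, without a session cookie and with CURLOPT_FOLLOWLOCATION disabled, should return a 403 with an empty body instead of the page content.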
