Cracking The Vault (part 1) - Entry Points
(Page 7 of 12 )
Once the user is successfully logged in, "out.php" takes over and generates a list of documents available to the user; this list includes documents the user may have uploaded, as well as documents the user has "view" rights for. If this is the first time you are logging in, you will probably see nothing; once you add documents, the screen will fill up.

Before we look at this script, however, I want to draw your attention to the script "add.php", accessible from the top right corner of the page and used to add new documents to the system. I'll explain this first, since it offers a logical starting point.
The first thing "add.php" (and every other script) does is to verify the existence of a valid session - this is necessary to prevent unauthorized users from viewing the pages. If a session doesn't exist, the browser is immediately redirected to the error handler.
<?php
// check to ensure valid session, else redirect
session_start();
// session_is_registered() was removed in PHP 5.4; test $_SESSION directly
if (!isset($_SESSION["SESSION_UID"]))
{
    header("Location: error.php?ec=1");
    exit;
}
// includes
include("config.php");
?>
Assuming a session exists, a basic HTML page is built.
<html>
<head>
<basefont face="Verdana">
</head>
<body bgcolor="White">
<?php include("menu.inc"); ?>
<table width="100%" border="0" cellspacing="0" cellpadding="3">
<tr>
<td bgcolor="#0000A0">
<b><font face="Arial" color="White">Add New Document</font></b>
</td>
</tr>
</table>
<!-- lots of code -->
</body>
</html>
I'm not going to go into details here - it's essentially a bunch of HTML tables, all dressed up to look pretty - but I will draw your attention to the file "menu.inc", which contains the main menu for the page and is include()d on every page.
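Since the session check, like "menu.inc", is repeated on every page, it can live in one shared include so that no script can forget it. The following is an added example, not code from the original article or application. The file name session_guard.php, the helper names, the LAST_SEEN key and the 15-minute idle limit are assumptions; SESSION_UID and error.php?ec=1 come from the code above.

```php
<?php
// session_guard.php (hypothetical name): include this first in every
// protected script, before any output is sent.

const IDLE_LIMIT_SECONDS = 900;        // assumed policy, not from the article
const ERROR_PAGE = 'error.php?ec=1';   // error handler used by the article's code

function deny_and_exit(): void
{
    // Drop server-side state so a stale session cannot be reused.
    $_SESSION = [];
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy();
    }
    header('Location: ' . ERROR_PAGE);
    exit;   // a redirect alone does not stop the rest of the page from running
}

function require_session()
{
    // Harden the session cookie before the session starts (PHP 7.3+ array form).
    $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    session_set_cookie_params([
        'httponly' => true,     // keep the cookie away from page scripts
        'secure'   => $https,   // send only over TLS when the site uses it
        'samesite' => 'Lax',
    ]);
    ini_set('session.use_strict_mode', '1');  // reject ids the server did not issue
    session_start();

    // Same test as the article's check: no SESSION_UID means not logged in.
    if (!isset($_SESSION['SESSION_UID'])) {
        deny_and_exit();
    }

    // Idle timeout (assumed addition); the first request after login has no
    // LAST_SEEN yet, so it is treated as "seen now".
    $last = $_SESSION['LAST_SEEN'] ?? time();
    if (time() - $last > IDLE_LIMIT_SECONDS) {
        deny_and_exit();
    }
    $_SESSION['LAST_SEEN'] = time();

    return $_SESSION['SESSION_UID'];
}

$uid = require_session();
```

A protected script such as "add.php" would then begin with a single require of this file in place of its own copy of the check.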
This article copyright Melonfire 2001. All rights reserved.
More By Vikram Vaswani, (c) Melonfire