robhurring/insecure.php

## insecure.php
<?php
session_start();

// Check for the session[user_id] param to see if the user is logged in
if(!isset($_SESSION['user_id']))
  header('location:login.php');

echo 'This is my secret page.'

//  curl http://localhost/insecure.php
//  => "This is my secret page."
?>

## less_insecure.php
<?php
session_start();

// Check for the session[user_id] param to see if the user is logged in
if(!isset($_SESSION['user_id']))
{
  header('location:login.php');
  echo 'Denied.';
  exit();
}
echo 'This is my secret page.'

//  curl http://localhost/less_insecure.php.php
//  => "Denied."
?>
	<?php
	session_start();

	// Check for the session[user_id] param to see if the user is logged in
	if(!isset($_SESSION['user_id']))
	header('location:login.php');

	echo 'This is my secret page.'

	// curl http://localhost/insecure.php
	// => "This is my secret page."
	?>