Mick,
Since you have the login screens, etc. already, once a user is
authenticated, start a session and register a session variable, using a
meaningful value fetched from the database. I use "member_id", but anything
will do.
At the very top of each page you want to protect, with no spaces or
ANYTHING before it, add this code:
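<?php /* session_is_registered() was removed in PHP 5.4; test $_SESSION["member_id"] (set at login) instead */
session_start(); if( !isset( $_SESSION["member_id"] ) ) {
header("Location: user_logon.php"); exit; /* exit so the rest of the page is never sent */ } ?>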
The pages all have to have a .php extension so that this code will
execute, but other than this one line they can be straight HTML.
When a user hits the page, coming from anywhere, and doesn't have a session
registered with something in "member_id", he is redirected to the logon
page, creatively named "user_logon.php".
The beauty of this is that the session disappears when the browser is
closed; you can also provide a "logout" function which has only to destroy
the session variable. Now you can dispense with .htaccess and .htpasswd.
To protect each directory, all you need is an index.php in each, containing
nothing more than this line. Anyone blundering in will be directed to log
on. If you prefer to not protect some pages in a directory, leave the line
off.
More than a word, and I hope it's helpful - Miles
At 03:09 AM 4/5/01 +0100, Mick Lloyd wrote:
>Can anyone point me to a tutorial that explains in words of one syllable how
>to protect files/directories without using .htaccess and .htpasswd.
>
>I have log-in screens that search an authorized users database for name,
>password, level before they can get into the site. But each time someone (ie
>me at the moment) tries to log-in, the browser throws up the (HTTP
>Authentication?) dialog box - I guess because I have .htaccess and .htpasswd
>protecting the directories where the scripts reside. I would prefer not to
>have this happen and rely only on authentication from the database. But how
>do I then protect the directories/scripts from anyone wanting to have a look
>(not that they're worth much!).
>
>Thanks
>
>Mick Lloyd
>[EMAIL PROTECTED]
>Tel: +44 (0)1684 560224
>
>
>--
>PHP Database Mailing List (http://www.php.net/)
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]
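
The scheme described in the reply above (set a session variable at login, check it at the top of each page, destroy it at logout), as an added example that is not part of the original message. It assumes PHP 7.3 or later; the file name auth.php and the function names are hypothetical, while "member_id" and user_logon.php come from the message.

```php
<?php
declare(strict_types=1);
// Added example: helper file (hypothetical name auth.php) included by every page.

const LOGON_PAGE = 'user_logon.php';   // logon page name used in the message above

function start_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // Lifetime 0 means a browser-session cookie: it goes away when the browser closes.
        session_set_cookie_params(['lifetime' => 0, 'httponly' => true, 'samesite' => 'Lax']);
        session_start();
    }
}

// Call only after the name/password check against the users table has succeeded.
function log_in(int $memberId): void
{
    start_session();
    session_regenerate_id(true);       // fresh session id at login; the pre-login id is discarded
    $_SESSION['member_id'] = $memberId;
}

// Guard for protected pages: returns the member id, or redirects and stops.
function require_login(): int
{
    start_session();
    if (!isset($_SESSION['member_id'])) {
        header('Location: ' . LOGON_PAGE);
        exit;                          // without this the rest of the page is still sent
    }
    return (int) $_SESSION['member_id'];
}

// Logout: clear the session data, expire the cookie, remove the server-side session.
function log_out(): void
{
    start_session();
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', ['expires' => time() - 3600, 'path' => $p['path'],
        'domain' => $p['domain'], 'secure' => $p['secure'], 'httponly' => $p['httponly']]);
    session_destroy();
}
```

A protected page then starts with `<?php require 'auth.php'; require_login(); ?>` before any other output, and the rest of the file can be plain HTML.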