Don't use HTTP_REFERER as is it not always available and can be munged.
If you just want the user to have to use some sort of authentication, you could always create a page that uses PHP_AUTH and require that page on all of your subsequent pages. It isn't PHP sessions or cookies, but it is a pretty easy, convenient way to require authentication. HTH Sam Masiello Software Quality Assurance Engineer Synacor (716) 853-1362 X289 [EMAIL PROTECTED] ----- Original Message ----- From: "Rick Emery" <[EMAIL PROTECTED]> To: "'jas'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, February 12, 2002 5:18 PM Subject: RE: [PHP-DB] Required pages... > Verify that $HTTP_REFERER is the URL the user was supposed to come from. > Somethig like (you may have to tweak it because I cannot test where I am > now): > > if( strcmp($HTTP_REFERER,"www.mydomain.com/login.html") ) > { > header("Location: http://www.mydomain.com/login.html"); > exit; > } > > > -----Original Message----- > From: jas [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, February 12, 2002 4:23 AM > To: [EMAIL PROTECTED] > Subject: [PHP-DB] Required pages... > > > I am wondering if there is a way to force users to come from a certain page. > For an example I am using a login page which once authenticated allows users > to change the contents of a web site without knowing alot of code etc. What > I would like to do is make sure that the content management system will not > be accessed unless the user logs in. I am certain sessions is the way to go > on this, however I am still new enough to not understand exactly how they > work and how to impliment them on a site. I have read a little bit on a > tutorial on php.net. If anyone can give me an example of how this could be > accomplished I would appriciate it. > Jas > > > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php