Don't use HTTP_REFERER as is it not always available and can be munged.

If you just want the user to have to use some sort of authentication, you
could always create a page that uses PHP_AUTH and require that page on all
of your subsequent pages.  It isn't PHP sessions or cookies, but it is a
pretty easy, convenient way to require authentication.

HTH

Sam Masiello
Software Quality Assurance Engineer
Synacor
(716) 853-1362 X289
[EMAIL PROTECTED]

----- Original Message -----
From: "Rick Emery" <[EMAIL PROTECTED]>
To: "'jas'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, February 12, 2002 5:18 PM
Subject: RE: [PHP-DB] Required pages...


> Verify that $HTTP_REFERER is the URL the user was supposed to come from.
> Somethig like (you may have to tweak it because I cannot test where I am
> now):
>
> if( strcmp($HTTP_REFERER,"www.mydomain.com/login.html") )
> {
> header("Location: http://www.mydomain.com/login.html";);
> exit;
> }
>
>
> -----Original Message-----
> From: jas [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, February 12, 2002 4:23 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP-DB] Required pages...
>
>
> I am wondering if there is a way to force users to come from a certain
page.
> For an example I am using a login page which once authenticated allows
users
> to change the contents of a web site without knowing alot of code etc.
What
> I would like to do is make sure that the content management system will
not
> be accessed unless the user logs in.  I am certain sessions is the way to
go
> on this, however I am still new enough to not understand exactly how they
> work and how to impliment them on a site.  I have read a little bit on a
> tutorial on php.net.  If anyone can give me an example of how this could
be
> accomplished I would appriciate it.
> Jas
>
>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to