Don't use HTTP_REFERER as is it not always available and can be munged.

If you just want the user to have to use some sort of authentication, you
could always create a page that uses PHP_AUTH and require that page on all
of your subsequent pages.  It isn't PHP sessions or cookies, but it is a
pretty easy, convenient way to require authentication.


Sam Masiello
Software Quality Assurance Engineer
(716) 853-1362 X289

----- Original Message -----
From: "Rick Emery" <[EMAIL PROTECTED]>
Sent: Tuesday, February 12, 2002 5:18 PM
Subject: RE: [PHP-DB] Required pages...

> Verify that $HTTP_REFERER is the URL the user was supposed to come from.
> Somethig like (you may have to tweak it because I cannot test where I am
> now):
> if( strcmp($HTTP_REFERER,"") )
> {
> header("Location:";);
> exit;
> }
> -----Original Message-----
> From: jas [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, February 12, 2002 4:23 AM
> Subject: [PHP-DB] Required pages...
> I am wondering if there is a way to force users to come from a certain
> For an example I am using a login page which once authenticated allows
> to change the contents of a web site without knowing alot of code etc.
> I would like to do is make sure that the content management system will
> be accessed unless the user logs in.  I am certain sessions is the way to
> on this, however I am still new enough to not understand exactly how they
> work and how to impliment them on a site.  I have read a little bit on a
> tutorial on  If anyone can give me an example of how this could
> accomplished I would appriciate it.
> Jas
> --
> PHP Database Mailing List (
> To unsubscribe, visit:
> --
> PHP Database Mailing List (
> To unsubscribe, visit:

PHP Database Mailing List (
To unsubscribe, visit:

Reply via email to