This is at the top of every file requiring an authenticated user on one of our sites: <? include("secure.php")?> and secure.php consists of this, all on one line, with no cr or lf at the end. <? session_start();session_register( "origin" );$origin=$PHP_SELF; if( $HTTP_SERVER_VARS[ "PHP_AUTH_USER" ] !="winkum" && $HTTP_SERVER_VARS[ "PHP_AUTH_PW" ] !="blinkum" ) { if( !session_is_registered( "member_id" ) ) { header("Location: user_logon.php\n"); } }?>
The user_logon.php script handles all details of processing the user: reading their cookie and authenticating, prompting for username/password, authenticating & setting cookie. If authentication succeeds member_id is registered and created as a session var (it contains no info, merely exists) and the user is returned to the originating page, or by default, to index.php. The $HTTP_SERVER_VARS with the hard-coded passwords are there so that htdig can be authenticated to index these pages. Regards - Miles Thompson At 03:22 AM 2/12/2002 -0700, jas wrote: >I am wondering if there is a way to force users to come from a certain page. >For an example I am using a login page which once authenticated allows users >to change the contents of a web site without knowing alot of code etc. What >I would like to do is make sure that the content management system will not >be accessed unless the user logs in. I am certain sessions is the way to go >on this, however I am still new enough to not understand exactly how they >work and how to impliment them on a site. I have read a little bit on a >tutorial on php.net. If anyone can give me an example of how this could be >accomplished I would appriciate it. >Jas > > > >-- >PHP Database Mailing List (http://www.php.net/) >To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php