This is at the top of every file  requiring an authenticated user on one of 
our sites:
<? include("secure.php")?>
and secure.php consists of this, all on one line, with no cr or lf at the end.
<? session_start();session_register( "origin" );$origin=$PHP_SELF; if( 
$HTTP_SERVER_VARS[ "PHP_AUTH_USER" ] !="winkum" && $HTTP_SERVER_VARS[ 
"PHP_AUTH_PW" ] !="blinkum" ) { if( !session_is_registered( "member_id" ) ) 
{ header("Location: user_logon.php\n"); } }?>

The user_logon.php script handles all details of processing the user: 
reading their cookie and authenticating, prompting for username/password, 
authenticating & setting cookie. If authentication succeeds member_id is 
registered and created as a session var (it contains no info, merely 
exists) and the user is returned to the originating page, or by default, to 
index.php.

The $HTTP_SERVER_VARS with the hard-coded passwords are there so that htdig 
can be authenticated to index these pages.

Regards - Miles Thompson


At 03:22 AM 2/12/2002 -0700, jas wrote:
>I am wondering if there is a way to force users to come from a certain page.
>For an example I am using a login page which once authenticated allows users
>to change the contents of a web site without knowing alot of code etc.  What
>I would like to do is make sure that the content management system will not
>be accessed unless the user logs in.  I am certain sessions is the way to go
>on this, however I am still new enough to not understand exactly how they
>work and how to impliment them on a site.  I have read a little bit on a
>tutorial on php.net.  If anyone can give me an example of how this could be
>accomplished I would appriciate it.
>Jas
>
>
>
>--
>PHP Database Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to