This is at the top of every file requiring an authenticated user on one of
our sites:
<? include("secure.php")?>
and secure.php consists of this, all on one line, with no cr or lf at the end.
<? session_start();session_register( "origin" );$origin=$PHP_SELF; if(
$HTTP_SERVER_VARS[ "PHP_AUTH_USER" ] !="winkum" && $HTTP_SERVER_VARS[
"PHP_AUTH_PW" ] !="blinkum" ) { if( !session_is_registered( "member_id" ) )
{ header("Location: user_logon.php\n"); } }?>
The user_logon.php script handles all details of processing the user:
reading their cookie and authenticating, prompting for username/password,
authenticating & setting cookie. If authentication succeeds member_id is
registered and created as a session var (it contains no info, merely
exists) and the user is returned to the originating page, or by default, to
index.php.
The $HTTP_SERVER_VARS with the hard-coded passwords are there so that htdig
can be authenticated to index these pages.
Regards - Miles Thompson
At 03:22 AM 2/12/2002 -0700, jas wrote:
>I am wondering if there is a way to force users to come from a certain page.
>For an example I am using a login page which once authenticated allows users
>to change the contents of a web site without knowing alot of code etc. What
>I would like to do is make sure that the content management system will not
>be accessed unless the user logs in. I am certain sessions is the way to go
>on this, however I am still new enough to not understand exactly how they
>work and how to impliment them on a site. I have read a little bit on a
>tutorial on php.net. If anyone can give me an example of how this could be
>accomplished I would appriciate it.
>Jas
>
>
>
>--
>PHP Database Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
