hi jas,

am sure you asked this before and i already replied.  Anyway miles posted
this which is more elaborated than the one i proposed:

***

This is at the top of every file  requiring an authenticated user on one of
our sites:
<? include("secure.php")?>
and secure.php consists of this, all on one line, with no cr or lf at the
end.
<? session_start();session_register( "origin" );$origin=$PHP_SELF;

$HTTP_SERVER_VARS[ "PHP_AUTH_USER" ] !="winkum" &&
TP_SERVER_VARS[ 
"PHP_AUTH_PW" ] !="blinkum" ) { if( !session_is_registered( "member_id" ) ) 
{ header("Location: user_logon.php\n"); } }?>

The user_logon.php script handles all details of processing the user: 
reading their cookie and authenticating, prompting for username/password, 
authenticating & setting cookie. If authentication succeeds member_id is 
registered and created as a session var (it contains no info, merely 
exists) and the user is returned to the originating page, or by default, to 
index.php.

The $HTTP_SERVER_VARS with the hard-coded passwords are there so that htdig 
can be authenticated to index these pages.

Regards - Miles Thompson



----- Original Message ----- 
From: "jas" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, February 27, 2002 12:03 AM
Subject: [PHP-DB] Re: forced page links...


> Can you accomplish this without having the user logged in?  I am unconcerned
> with whether or not the user has logged in, I simply need the user to not be
> able to bypass a page with a form to go directly to the end page which will
> connect and store the form contents into a db.
> Thanks in advance,
> Jas
> "Lerp" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Hi there :) I use session variables to do this, once the user has logged
> in
> > and you know they are who they say they are, set a session variable using
> >
> > session_register("isloggedin");
> > $isloggedin = "yes";
> >
> >
> > And at the top of every page
 you want protected simply do a check to see
> if
> > it is set or not. Below code checks to see if that var is set and if not
> it
> > redirects them to another page.
> >
> > <?php session_start(); ?>
> > <?php
> >
> > if (!isset($HTTP_SESSION_VARS["islogged"])){
> >
> > header("Location:index.php");
> > }
> >
> > ?>
> >
> >
> > Hope this helps, Joe :)
> >
> >
> > "Jas" <[EMAIL PROTECTED]> wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > I am wondering if there is a good tutorial on how to use php to make
> users
> > > come from a page before they can access another.  For instance, say
you
> > have
> > > one page called index.php which contains a form that once filled in
> links
> > to
> > > a confirmation page to verify the users data was entered correctly
then
> > from
> > > there links to a page that stores the users data into a database
table.
> > The
> > > problem I would like to alleviate is to make sure the users cannot
just
> > type
> > > in the name of the last page in the url and put a blank entry into the
> > > database.  I have read a few tutorials on using sessions but I am
> unclear
> > on
> > > how the use of sessions would require the user to visit each page in
> > > succession.  Thanks in advance,
> > > Jas
> > >
> > >
> >
> >
>
>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to