hi jas, am sure you asked this before and i already replied. Anyway miles posted this which is more elaborated than the one i proposed:
*** This is at the top of every file requiring an authenticated user on one of our sites: <? include("secure.php")?> and secure.php consists of this, all on one line, with no cr or lf at the end. <? session_start();session_register( "origin" );$origin=$PHP_SELF; $HTTP_SERVER_VARS[ "PHP_AUTH_USER" ] !="winkum" && TP_SERVER_VARS[ "PHP_AUTH_PW" ] !="blinkum" ) { if( !session_is_registered( "member_id" ) ) { header("Location: user_logon.php\n"); } }?> The user_logon.php script handles all details of processing the user: reading their cookie and authenticating, prompting for username/password, authenticating & setting cookie. If authentication succeeds member_id is registered and created as a session var (it contains no info, merely exists) and the user is returned to the originating page, or by default, to index.php. The $HTTP_SERVER_VARS with the hard-coded passwords are there so that htdig can be authenticated to index these pages. Regards - Miles Thompson ----- Original Message ----- From: "jas" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, February 27, 2002 12:03 AM Subject: [PHP-DB] Re: forced page links... > Can you accomplish this without having the user logged in? I am unconcerned > with whether or not the user has logged in, I simply need the user to not be > able to bypass a page with a form to go directly to the end page which will > connect and store the form contents into a db. > Thanks in advance, > Jas > "Lerp" <[EMAIL PROTECTED]> wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi there :) I use session variables to do this, once the user has logged > in > > and you know they are who they say they are, set a session variable using > > > > session_register("isloggedin"); > > $isloggedin = "yes"; > > > > > > And at the top of every page you want protected simply do a check to see > if > > it is set or not. Below code checks to see if that var is set and if not > it > > redirects them to another page. > > > > <?php session_start(); ?> > > <?php > > > > if (!isset($HTTP_SESSION_VARS["islogged"])){ > > > > header("Location:index.php"); > > } > > > > ?> > > > > > > Hope this helps, Joe :) > > > > > > "Jas" <[EMAIL PROTECTED]> wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > I am wondering if there is a good tutorial on how to use php to make > users > > > come from a page before they can access another. For instance, say you > > have > > > one page called index.php which contains a form that once filled in > links > > to > > > a confirmation page to verify the users data was entered correctly then > > from > > > there links to a page that stores the users data into a database table. > > The > > > problem I would like to alleviate is to make sure the users cannot just > > type > > > in the name of the last page in the url and put a blank entry into the > > > database. I have read a few tutorials on using sessions but I am > unclear > > on > > > how the use of sessions would require the user to visit each page in > > > succession. Thanks in advance, > > > Jas > > > > > > > > > > > > > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php