I had a similar problem, but I can't promise that my solution is the best
way to go about it. After the user was validated, I set a cookie. I then had
all subsequent pages start with an if statement that checked for the cookie.
If there was no cookie, they were sent back to the entry point. Another
option if your application is somehow linear would be to make sure that the
referring page is what you wanted it to be.

-----Original Message-----
Sent: Monday, September 23, 2002 10:14 AM
Subject: [PHP-DB] advise needed for 'authorized only' site

I have set up a section of my company site for use by authorized dealers
only. I am currently using
mysql authorization, which works for the first page, but if someone were to
type in the url of an
underlying page they would be able to get in without authorization. I know
I could use .htaccess
for handling this but with a minimum of 350 -400 users to keep track of
that would be unwieldly to
say the least, especially for my boss who doesn't have a clue about *nix
and has never even heard
of .htaccess.

What other options do I have to keep the underlying pages from being
accessed without the user
being forced to go through the logon screen?


Chip Wiegand
Computer Services
Simrad, Inc

"There is no reason anyone would want a computer in their home."
     --Ken Olson, president, chairman and founder of Digital Equipment
Corporation, 1977
 (They why do I have 9? Somebody help me!)

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to