> I have set up a section of my company site for use by authorized dealers > only. I am currently using > mysql authorization, which works for the first page, but if someone were to > type in the url of an > underlying page they would be able to get in without authorization. I know > I could use .htaccess > for handling this but with a minimum of 350 -400 users to keep track of > that would be unwieldly to > say the least, especially for my boss who doesn't have a clue about *nix > and has never even heard > of .htaccess. > > What other options do I have to keep the underlying pages from being > accessed without the user > being forced to go through the logon screen?
You have to make a check on every page that the user is valid. Start a session on the first page, after they log in, and then check for a variable in this session on each subsequent page. If it's there, then they are good. ---John Holmes... -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php