> I have set up a section of my company site for use by authorized dealers
> only. I am currently using
> mysql authorization, which works for the first page, but if someone were
> type in the url of an
> underlying page they would be able to get in without authorization. I know
> I could use .htaccess
> for handling this but with a minimum of 350 -400 users to keep track of
> that would be unwieldly to
> say the least, especially for my boss who doesn't have a clue about *nix
> and has never even heard
> of .htaccess.
> What other options do I have to keep the underlying pages from being
> accessed without the user
> being forced to go through the logon screen?
You have to make a check on every page that the user is valid. Start a
session on the first page, after they log in, and then check for a variable
in this session on each subsequent page. If it's there, then they are good.
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php