make sure that the test code is in every page you wish to protect, even the included 
ones, if its not there someone could still get the contents simply be typing in the 
url of 'other.php' should they guess it etc, better to be safe than sorry

-----Original Message-----
From: Steve Bradwell [mailto:[EMAIL PROTECTED]]
Sent: 26 September 2002 15:02
To: Rodrigo; PHP
Subject: RE: [PHP-DB] Session understanding

If you include the other page AFTER you do this check you'll be fine. So run
your if statement and then add an else...include "other.php";


-----Original Message-----
From: Rodrigo [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 26, 2002 9:38 AM
Subject: [PHP-DB] Session understanding

Hi people,

if i use this code:

        if(empty($_SESSION['username'])) {
                die('An error has ocurred. It may be that you have not
logged in, or that your session has expired.
                        Please try <a href="login.php">logging in</a> again
or contact the 
                        <a href="mailto:[EMAIL PROTECTED]";>system
in one page to check if the user is logged, and in this same page i include
another page, do i have to put this same test in this page that is beiing
included??? this question may be dumb but i donīt know....thnaks a lot for
the help.....

        Equipe Pratic Sistemas
        Rodrigo Corręa
        Fone: (14) 441-1700

PHP Database Mailing List (
To unsubscribe, visit:

PHP Database Mailing List (
To unsubscribe, visit:

Reply via email to