Bryan Koschmann - GKT wrote:
Hello,
I have gotten used to using .htaccess to protect files/directories, but now I am looking at a need to authenticate against mysql. I have no problem actually getting it to authenticate, but I'm wondering what the simplest way to prevent someone from hitting anything other than the main page (and not needing authenticate) without having to login at every page.
I'm assuming I would use something with sessions. Does anyone have a quick sample of how to do this?
Yes, create a session variable using this syntax:
$_SESSION['logged_in'] = false;
Then authenticate the user. If the authentication succeeds, then change the variable's value to true.
$_SESSION['logged_in'] = true;
Now on every page except your login page, test for the session variable before displaying the page. If it's present and valid, display the page as usual, if not, redirect to the login page.
if (isset($_SESSION['logged_in']) &&
$_SESSION['logged_in'] == true) {
// display page
}
else {
header("Location: http://domain.com/login";);
exit("Sorry, you are not logged in.");
}The details are all in the manual under "Sessions" and Session-related functions.
Erik
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
