Assuming Apache: 1. use index.php or login.php as a log-in file, just as you are
2. if you have your heart set on naming the files .html instead of .php, then create a .htaccess file in the dir which forces .html files thru php for that directory 3. create a php file called "access_control.php" with (psuedo code) the following contents: --- <? if(the user isn't valid) { header("Location: login.php"); exit; } ?> --- 4. add <? include('access_control.php'); ?> at the top of any html or php file you wish to protect... if the user isn't valid, they will be redirected to the login page. if they are valid, they'll see the file. If you have lots of these HTML files to add the line to, consider a batch process, which you can do with PHP and most text editors. I get the feeling you could also auto-prepend access_control.php to ALL scripts, and add a little more logic to the code: --- <? if( (the user isn't valid) AND (eregi('.html$',$_SERVER['PHP_SELF'])) ) { header("Location: login.php"); exit; } ?> --- -- which should only impose the access control on *.html pages, but i'm not good with regexp at all!! Justin French on 12/02/03 8:46 PM, Shams ([EMAIL PROTECTED]) wrote: > Hi, > > i've written a secure PHP login script which will allow users to login to a > directory such as this: > > smezone.com/members/index.php > > however, how do I restrict people from accessing HTML files in that > directory (which they can easily do so by typing the URL into their > browser), such as: > > smezone.com/members/document1.html > > ? > > Since its a regular HTML files (and we have lots), I can't check whether the > user has a valid session as I would do in a PHP file. > > Thanks for any help! > > Shams > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php