Hi all,

I'm having a little trouble with a login script. All works fine, but I can 
still access the admin pages with the full URL. Do you have any pointers 
on how I can solve this?

This is the script I'm using:

<?php
include "dbconnect.php"; // assumed to define $username and $password

$login_error = false;

// handle the logout event: expire both cookies
if (isset($_GET['logout']) && $_GET['logout'] == 'true') {
  setcookie("user", "", time() - 3200);
  setcookie("pass", "", time() - 3200);
  header("Location: index.php");
  exit; // stop here so nothing else is sent after the redirect
}

// handle validation event
if (!empty($_POST['user']) && !empty($_POST['pass'])) {
  if ($_POST['user'] == $username && $_POST['pass'] == $password) {
   setcookie("user", md5($_POST['user']), time() + 3200);
   setcookie("pass", md5($_POST['pass']), time() + 3200);
   header("Location: index2.php");
   exit;
  } else { $login_error = true; }
}

// handle login event, both successful and erroneous, or show login screen
if ($login_error == true) { ?>
  <table align=center style="font-family:arial; font-size:12; border:1 solid #000000;">
   <tr><td align=center bgcolor=#123dd4>LOGIN ERROR</td></tr>
   <tr><td align=center><b>Invalid Username and/or Password</b><br><br><a href=index.php>Back</a></td></tr>
  </table>
<?php
} elseif (isset($_COOKIE['user'], $_COOKIE['pass'])
          && $_COOKIE['user'] == md5($username)
          && $_COOKIE['pass'] == md5($password)) { ?>
<a href=index.php?logout=true>Logout</a>
<?php
} else {
?>
<form action=index.php method=post>
  <table align=center style="font-family:arial; font-size:12; border:1 solid #000000;">
   <tr><td colspan=2 align=center bgcolor=#123dd4>LOGIN</td></tr>
   <tr><td align=right>Username: </td><td><input type=text name=user size=15></td></tr>
   <tr><td align=right>Password: </td><td><input type=password name=pass size=15></td></tr>
   <tr><td align=center colspan=2><input type=submit value=Login></td></tr>
  </table>
</form>
<?php
}
?>
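
An added example, not part of the original post: the script above only checks the login on index.php, so any other admin page requested by its full URL runs unchecked. One way to close that is a guard file required at the top of every admin page, using a server-side session in place of the md5 cookies; the file name auth_guard.php, the function names and the 'admin' session key are hypothetical.

```php
<?php
// auth_guard.php (hypothetical name).
// Usage at the very top of each admin page, e.g. index2.php:
//     require 'auth_guard.php';
//     require_login();
// Usage in the login handler after the credentials matched:
//     require 'auth_guard.php';
//     mark_logged_in();

function start_session_once(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Pure decision: allowed only if the server-side session carries the flag.
// Nothing sent by the browser except the session id is trusted.
function is_authenticated(array $session): bool
{
    return isset($session['admin']) && $session['admin'] === true;
}

// Call once after a successful username/password comparison.
function mark_logged_in(): void
{
    start_session_once();
    session_regenerate_id(true); // fresh id, so a pre-login id is useless
    $_SESSION['admin'] = true;
}

// Call on logout instead of expiring cookies by hand.
function log_out(): void
{
    start_session_once();
    $_SESSION = [];
    session_destroy();
}

// Call before any output on every page that must be protected.
function require_login(string $loginPage = 'index.php'): void
{
    start_session_once();
    if (!is_authenticated($_SESSION)) {
        header('Location: ' . $loginPage);
        exit; // without exit the rest of the admin page would still run
    }
}
```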

