Hi,
I have a simple login script using php and mysql. Registering, logging in, and viewing pages where you have to be logged in all works as it should, the problem comes when trying to access a page in a different directory.
For example, www.blaa.com/page01.php is a secure page (user must be logged in), www.blaa.com/page02.php is also a secure page - everything works fine and session data is available on both pages with no user authentication errors.
If i moved page02.php to blaa.com/folder/page02.php and updated all links to the new locations, it redirects to my "access denied" page, but with page02.php displayed underneath, if the user is logged in (which they are) the "access denied" page should not be displayed at all, and if the user is not logged in page02.php should not be displayed underneath the access denied page. Ive read through some stuff about php.ini but im not too sure what to actually do or if php.ini will help solve the problem.
Any ideas anyone? heres some code:
This is my auth page, its required at the start of every page where a user has to be logged in
<?php
//Start session
session_start();
//Check whether the session variable SESS_MEMBER_ID is present or not
if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
header("location: http://www.my_site.com/access-denied.php");
exit();
}
?>
This is a page outside my main directory where i want to be able to view only when a user is logged in
<?php
require_once('http://www.my_site.com/auth.php');
?>
<html>
<head>
...
...
...
Im guessing it has something to do with these pages but I literally have no idea whats going on so any help will be much appreciated!
Thanks
Oh by the way, to get to www.my_site.com/folder/page02.php there is a link on the page www.my_site.com/page01.php - the code is as follows:
<a href="http://www.my_site.com/profile">page02</a>
Page01.php also has...
<?php
require_once('auth.php');
?>
...at the top and it works as it should
(if you need to know any more info just let me know!)
