help with page access.

[gammaman]

Ok this is another one that is wordy and hard for me to explain, but here goes.

 

I have a page that starts with a login system that checks if something is valid in order to continue to the rest of the site.  I have checking on there so that if someone knows the web address of one of the pages after the login and they enter it, they will be kicked back to the login.  I also have the same checking on all of the pages after the login.  However if they login successfully and then choose to go to another page, that they should not have access to and they enter the web address, it lets them through.  For example on the login page it checks to see if a student id and password or an administrative id and password are entered.  If they enter as a student successfully but then know the web address of the admin page, it will let them through, while if they were not to have logged in and tried to access the admin page from the login page before they were validated as a student, it does not let them in.  If anyone is interested in helping me and would like to see code, please post here. 

[firecat318]

Try doing something with the database, like adding a new field called 'validation'.

 

If you want the person to be an admin, put yes, or no, just leave it blank.

 

Then, you can use some mysql checking to see whether they would have access to certain areas of the site.

[jsladek]

You can write a temporary cookie to the users browser when they log in.  Then you would write a "Security" file that verifies that cookie is set to allow access.  Any php that you dont want them to use unless they are logged in you can put an include at the top of the page ie

include(secure.php);

  if you want the whole site to be protected you can use a prepend.php file with the security built into it.

 

-John