Login to secure directory

[thedolphin13]

New to PHP/MySQL – tried looking for the answer but I’m probably asking it in the wrong way.  I have a site mysite.com – main page has a login with password (tied to MySQL and it works).  What I want to happen is user types Madison goes to Madison directory, Katie, goes to Katie directory, Janet, Janet directory…this happens – problem, when I type http://www.mysite.com/Katie - I get the same results  - there’s no security.  All I need is the simplest way  to make the directories only accessible via the login page.

I’ll take any hand-holding offered, but even suggestions about the right functions or pointing in the right direction.  Using Apache 2, PHP and MySQL 5

Thanks in advance for any help.

 

[willpower]

personally i would use $_session variables.  So when katie signs in she is allocated a session var.  Then you check to see if the domain dir and the var match if so allow else deny.

 

 

[thedolphin13]

Excuse my ignorance, but the concept your suggesting is, use a session variable??? at login, and if the login is successful, it will go to a Katie page where it will check for a session variable, it there, page loads if not, redirected to a general page?  Can these be used for a directory or just individual pages?  I will search the use of session variables - thanks!

[willpower]

not quite.

katie logs in...checked against your db and she passes your log in.

 

we then set a session variable which is stored on the server (read up on these...you will need them for this)

 

We can then say something like (in simplistic terms) $_Session['user']="Katie";

 

now when she tries to access the directory we can add another little script which will acertain which directory se is in...check out $_SERVER variables in the php manual.

 

Then we can say

 

if ($this_directory==$_Session['user']) { gets to see page} else { gets redirected}

 

I'd personally look into MOD REWRITES for something like this. Its not php but the ability to use MOD REWRITE is kinda like the swiss army knife of webdesign when it comes to delivering dynamically driven websites.

[thedolphin13]

Thank you for the suggestion about sessions - ended up using this code on the 'protected' pages:

 

<?

session_start();

if(!session_is_registered(myusername)){

header("location:index.php");

}

?>

 

and

 

session_register("myusername");

 

on the verification page.  It is just what I wanted and easy to learn and impliment.  The hardest part was learning how to query mysql for directory.  Anyway, this might not be the most secure page on the planet, but it sure does what I wanted it to do.  Thanks for pointing me in the right direction!

[DarkWater]

Don't use deprecated Session syntax.  You don't need session_register.  You can just use the session superglobal.

[thedolphin13]

There you go again...being smarter than I - I'll look into the use of session superglobal - thanks for the tip.