[SOLVED] PHP Security

[thesaleboat]

Hello, I am trying to develop an online resource library for our clients, which would have a login and redirect depending on the login.  Here is my question, how can I make it impossible for a page to be loaded unless a person has successfully logged in? 

[5kyy8lu3]

Hello, I am trying to develop an online resource library for our clients, which would have a login and redirect depending on the login.  Here is my question, how can I make it impossible for a page to be loaded unless a person has successfully logged in?

 

use session variables.  for example, set the variable if their login was correct $_SESSION['logged_in'] = 'yes'; but make sure you have a session_start(); just after your <?php before you do anything with session variables

 

then on any page you don't want them to see without being logged in, you just add this:

 

<?php
session_start();
if ( $_SESSION['logged_in'] != 'yes' )
{
	header("Location: http://www.yoursite.com");
}
?>

[thesaleboat]

Thank you for the fast reply, but most of the pages will be in HTML, is there a way to not display the HTML as well as send them back to the login page.  Also the page would still be accessible if you just directly typed in the URL as opposed to going through the login, wouldn't it?

[5kyy8lu3]

Thank you for the fast reply, but most of the pages will be in HTML, is there a way to not display the HTML as well as send them back to the login page.  Also the page would still be accessible if you just directly typed in the URL as opposed to going through the login, wouldn't it?

nope, if you put that at the top of your page, it will see that you are not logged in because that session variable won't equal 'yes' so it will redirect you to http://www.yoursite.com or whatever you want to set that to.  it does that before anything else so html you have on the rest of the page will not be visible and even if you went directly to that page it will still redirect you because you're not logged in

[thesaleboat]

Thanks man!