Protecting html files...

[Unknown User]

Okay, so i got the member thing sorted now, but a members page, so far its just a html page. When the user logs in, they are redirected to it.

But there's nothing stopping somebidy from putting the address into their browser and going straight to it. Is there anything i can do?

[wildteen88]

How do you verify someone is logged in? Rename the html file so it has a php extension (filename.html to filename.php). Then at the top of that page add in the PHP code that you use to verify someone is logged in.

[Unknown User]

And it still reads all of the HTML below the php code? Hmm...

[GingerRobot]

Yes. In your log in process you need to set a session. So, if the user should be logged in, use:
[code]
<?php
$_SESSION['username'] = $username;//change to whatever variable contains the username
?>
[/code]
You will also need to put:
[code]
<?php
session_start();
?>
[/code]
At the top of the log in script.

Then, i would recommend enclosing the following in a new php file, perhaps called logincheck.php:
[code]
<?php
session_start();
if(empty($_SESSION['username']){//check to see if there is anything in the session; if not, redirect to the log in page
header("location:login.php");
exit;
}
?>
[/code]

Then, all of your files that require a user to be logged in, use:
[code]
<?php
include("logincheck.php");
?>
//all of the rest of the html
[/code]

You will also need to change all of these to php files.

[Unknown User]

Yeah i already had that part started. I only looked at PHP yesterday, and i didn't know you could have html below php, this makes things so much easier. Well it works now, thanks.

And btw wildteen88 i notice you incredibly helpful around these here forums

[Unknown User]

Ah, all is well, you can now login, logout, if you go to the login page it remebers that you alreday have... aah, relax.

Incase you where wondering, the site you've been so kindly helping me with is http://www.skgenius.co.nr it's contents are probably of no intrest to you but, y'know.