Password Authentication

[programming.name]

Hi,

 

Suppose there are two pages being page1.php and page2.php and the URL for each page is http://example.com/page1.php and http://example.com/page2.php, respectively. If pag1.php has a form that accepts a user name and  password and the both information is correct then it goes to the page2.php.

 

This is what I have done so far. But I want to go further. I found some problem that if I just type in http://example/page2.php, it does display the content of the page2.php without any user information typed. The page2.php is supposed to only be seen by those who logged in.  How can I prevent this problem from being directly seen from poeple who don't have loged in.

 

Thanks.

[spambadger]

Heh, that's quite a broad question.

 

At the very simplest level, you could use a session to store that the person has logged in, so in page1.php where you check the username and password

 

<?php 
session_start();

if( authenticate_user() ){
$_SESSION['LOGGED_IN'] = true;
header( 'Location: page2.php' );
}
?>

 

and on page2.php

<?php
session_start();

if( !isset($_SESSION['LOGGED_IN']) || !$_SESSION['LOGGED_IN'] ){
header( 'Location: page1.php' );
}
?>

 

You'll probably want to go a bit deeper than that though, I'd google 'php authentication' to find out more.