jackr1909 Posted April 8, 2011 Share Posted April 8, 2011 Hi, Can i please have a script for only allowing access to a page from a specific reffering url. Sort of like how if you try and type in: http://www.facebook.com/home.php (the homepage) it would redirect you to a login page. I don't have a MySQL Database and really don't want to. Thanks in advance Quote Link to comment Share on other sites More sharing options...
requinix Posted April 8, 2011 Share Posted April 8, 2011 You're talking about two different things. Pick one: a) Only allow access from certain URLs, which (by the way) can be easily forged b) Redirect someone if they aren't logged in/don't have a cookie/whatever. Quote Link to comment Share on other sites More sharing options...
jackr1909 Posted April 8, 2011 Author Share Posted April 8, 2011 I want to only allow people who have been verified by this array, which is located at /pwdarray/auth.php to be able to access a members page <?php $usr_username = $_POST['username']; $usr_password = $_POST['password']; $usr_name = $_POST['name']; $users = array(); $passwords = array(); $users[0] = 'user1'; $passwords[0] = 'pass1'; $users[1] = 'user1'; $passwords[1] = 'pass1'; for($i=0;$i<count($users);$i++){ if($users[$i] == $usr_username && $passwords[$i] == $usr_password){ header( 'Location: http://www.theblogspace.net/login/loginrefferingtoken.html' ) ; } else { header( 'Location: http://www.theblogspace.net/login/loginfail.php' ) ; } } ?> Quote Link to comment Share on other sites More sharing options...
spiderwell Posted April 8, 2011 Share Posted April 8, 2011 that script is going to work, but the issue is that the loginreferingtoken.html page isnt protected by a login check, being a plain html document. what could be done is that you could set a session variable once a user is logged in, and on each page (change extenstions to .php) to check if that session is set, and if not redirect away. Quote Link to comment Share on other sites More sharing options...
jackr1909 Posted April 8, 2011 Author Share Posted April 8, 2011 that script is going to work, but the issue is that the loginreferingtoken.html page isnt protected by a login check, being a plain html document. what could be done is that you could set a session variable once a user is logged in, and on each page (change extenstions to .php) to check if that session is set, and if not redirect away. okay, so i change to: <?php $usr_username = $_POST['username']; $usr_password = $_POST['password']; $usr_name = $_POST['name']; $users = array(); $passwords = array(); $users[0] = 'user1'; $passwords[0] = 'pass1'; $users[1] = 'user1'; $passwords[1] = 'pass1'; for($i=0;$i<count($users);$i++){ if($users[$i] == $usr_username && $passwords[$i] == $usr_password){ header( 'Location: members.php' ) ; } else { header('login/loginfail.php' ) ; } } ?> how would i change the username to a variable so that it redirects to the login page (loginfail.php if the authentication fails) thanks Quote Link to comment Share on other sites More sharing options...
spiderwell Posted April 8, 2011 Share Posted April 8, 2011 you need to use the $_SESSION object to store the usrname and/or password then check for that session existing on each protected page. I would give an example but i have to go out now, sorry buddy ! Quote Link to comment Share on other sites More sharing options...
jackr1909 Posted April 8, 2011 Author Share Posted April 8, 2011 thanks, does anyone have a script of a session variable Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.