Securing pages...

[dubt2nv]

hey guys...

im an amatuer at his and im just wondering what i need to do to complete this.

I have a log-in system and i have no idea about session variables....all i want is so that the secure pages after log-in cant be accessed by people who havent logged in by simply typing the address with the secure page in it....

in other words i want the page to redirect to another if the user has not logged in and is trying to access it....

also another problem....i log-in to my age but somehow i dont think the page that it logs into recognises that the user that logged in still exists, basically i think all the log-in is to access this page but the page has no idea of the log-in....if you get me

[allydm]

Well as you havn't mentioned if you have built a login form or not, i'm going to leave that stage out for the moment.

Basically, you need a user to enter there information, check it and then if its true set session variables.

So, presuming that you know how to check that a users password matches the one they've entered, the next stage would be

[code]<?php
session_start();

if ($submitted_password = $_POST['password']) {

$_SESSION['user_id'] = $login_info['user_id'];

}
?>
[/code]

That would then set a session variable. Remember: you should [b]never[/b] store a users password in a session variable.

Then, at the start of each page you need to check if $_SESSION['user_id'] is set or not, and if its not then tell them to login.

Such as this:

[code]
<?php
session_start();

if (empty($_SESSION['user_id'])) {
header("Location: login.php");
}
?>
[/code]

That would send a user to login.php if they havn't logged in.

Its not 100% secure, but its a good start for you.

[dubt2nv]

would the first bit of code need to be placed within the process login page or???

[allydm]

Yes, the first bit would go on the login page....in the part of the code where you telling the php what to do if the user logs in correctly.