Preventing direct access to php pages

[dc909]

Hello everyone. I am NOT a programmer and have very limited knowledge of PHP. I found the information on one of the thread somewhat useful, well it worked once, but it's not working!!

I purchased a custom coded php website and I wanted to make it a "members only" website, so I looked around and found the WYSIWYG web builder, that helped me create a log in page, a sign up page etc. My login page is named "default.php", and if the username and password is correct it takes you to "index.php", which is the main page of the actual website. I want to make sure that no one can access "index.php" or any other page without first going through the log in page "default.php".

 

I tried the solution you presented in one the forums and it worked,

 

I put this code in "default.php":

 

$_SESSION['can_access'] = true;

 

and this code in "index.php"

 

session_start();

// kill the page if the access variable doesn't exists
//            or if the access variable does exist but is not set to true
if(!isset($_SESSION['can_access']) || (isset($_SESSION['can_access']) && $_SESSION['can_access'] !== true))
{
   die('You cannot directly access this page!'); // kill the page display error
}

 

The first time it worked, I logged in and went to the index page, and I was not able to go directly to "index.php" if I typed it into my browser! woohooo !!

but after that first time, I get the error message every time I log in, and I can't get to "index.php" .Any ideas about what I'm missing here? Please remember I'm new to all this. I can copy and paste whatever code you provide, and see if it works, that's about it.

[dc909]

I added this code to top of "index.php" :

 

session_start();

 

and now it works. I can log in, and I can't access "index.php" directly. But I can still access other pages of the website directly. I'm so close. I hope someone can help. Thank you in advance.