#1
  1. No Profile Picture
    Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2000
    Posts
    13
    Rep Power
    0
    Hi,

    I am trying to password protect my webpages made with PHP. I know how to authenticate one page with header, but I need all my other pages to be protected (without using .htaccess). Is there any way to keep a variable in a session or something to identify that the user has been authorized? Then maybe check that session variable in the following pages: deny access if the user is not granted acess in that first page? I don't really understand the PHP session stuff. I have read PHP.net and some other tutorials... and learnt that sessions are associated with cookies. So if I store a variable with a session, can the user can change it in the cookie?

    A simple example would be nice. Thanks for your help in advance.
  2. #2
  3. Wiking
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Sep 2000
    Location
    Sweden
    Posts
    3,608
    Rep Power
    26
    If you know how to password protect pages with header, all you need to do is have your header in a separate file and then call this header-page on every page you want to protect. Just use an include on top of every page.
    <?
    include("header_page.php");
    ?>

    /NoXcuz
  4. #3
  5. No Profile Picture
    Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2000
    Posts
    13
    Rep Power
    0
    Oh that's right! Since it is within the same browser, the ID and password infomation is still there. But I also tried it with sessions. I have a variable like $verified=1 in the first page:

    session_start();
    session_register('verified');
    $verified = 1;

    And for the rest of the pages I have:

    session_start();
    if ($verified == 1) {
    //ok
    } else {
    //not authorized yet
    }

    This seems to work too. Which is better?

    Thanks for your response.

  6. #4
  7. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2000
    Posts
    5
    Rep Power
    0
    How do you protect a page with header?

    I have a login page, lets call the file - login.php:
    username: ___________
    password: ___________
    [] remember password

    So if username & password are correct, the login.php page dispays a message and a link to a folder, let call it "private".

    If username & password are not correct, the login.php displays an error message.

    The problem I'm having is:
    Once your login succesfully, and you click on a link, it'll take you to the folder "private". BUT if you don't login, and just type URL to the folder "private" you still can access that folder! So I need some kind of protection in that folder... so it would check if I used login.php to login, and if not, redirect user back to login.php
    I've tried:
    if (!isset ($password)) {
    header (Location: "/login.php");
    }
    esle {
    exit;
    }
    This would work fine, but I have SetCookies in the page header, so the above thing doesn't work.. can anyone help?
  8. #5
  9. No Profile Picture
    Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2000
    Posts
    13
    Rep Power
    0
    pashamu:

    Just try what I did in message #2. The session's "verified" variable is what I check in every page to be sure the user has been authorized already. But I am not sure if it is really that secure... seems to work for now. Or, you can try what NoXcuz suggested. I didn't try that one yet since mine is working, but I think it should work well too. I just want to know which one is more secure....

    NoXcuz:
    If I used your method, how do I log out? Since the browswer will still think you are authorized, you can simply press BACK to get to the page again. How can I log out effectively without closing the browser window? (Which works)

    [This message has been edited by syin (edited November 15, 2000).]

Similar Threads

  1. refreshing page on session
    By xlordt in forum PHP Development
    Replies: 3
    Last Post: August 26th, 2003, 03:28 PM
  2. reading existing session, problem
    By buttie in forum Perl Programming
    Replies: 7
    Last Post: August 11th, 2003, 10:26 AM
  3. session start issue!
    By djl in forum PHP Development
    Replies: 0
    Last Post: July 29th, 2003, 01:37 PM
  4. PATH_INFO URL - Search Engine Friendly
    By Coopercentral2 in forum PHP Development
    Replies: 2
    Last Post: April 19th, 2003, 10:44 PM
  5. anonFTP hack?
    By (jp) in forum FTP Help
    Replies: 3
    Last Post: March 10th, 2003, 01:58 PM

IMN logo majestic logo threadwatch logo seochat tools logo