Posted by Erwin Moller on 09/05/07 09:23

upendrajpr@gmail.com wrote:
> Dear frindes,
> I am new to php. in my 'php' code when someone
> login into my page he/she awail the necessary page rights, it's quite
> ok. but when it click on the page and someone direct copy & paste the
> url he also access the page without proper login.
> How it could be possible that someone access only after
> the login and not direct copy & paste the desired url.
>
> with session & without session.
>
> Thanx in advance.
>
> situ.
>

Hi,

Answer: Sessions.

loginpage posts to a check username/password page.
On succes set a sessionvariable, eg:
[stupid example]
session_start();
if (($_POST["username"] == "situ") && ($_POST["password"] == "secret")){
$_SESSION["validUser"] = "Y";
} else {
header ("Location: loginpage.php");
exit;
}


Then from every other page that requires a validated user:
session_start();
if ((isset($_SESSION["validUser"])) && ($_SESSION["validUser"] == "Y")){
// OK
} else {
// NOT ok
header ("Location: loginpage.php");
exit;
}

Go to www.php.net to learn more about sessions.

Regards,
Erwin Moller

• Next in forum: Re: How to stop direct execution to my page
• Prev in forum: How to stop direct execution to my page
• Thread view: Re: How to stop direct execution to my page

[Reply to this message]