Posted by upendrajpr on 09/05/07 09:32

On Sep 5, 2:23 pm, Erwin Moller
<Since_humans_read_this_I_am_spammed_too_m...@spamyourself.com> wrote:
> upendra...@gmail.com wrote:
> > Dear frindes,
> > I am new to php. in my 'php' code when someone
> > login into my page he/she awail the necessary page rights, it's quite
> > ok. but when it click on the page and someone direct copy & paste the
> > url he also access the page without proper login.
> > How it could be possible that someone access only after
> > the login and not direct copy & paste the desired url.
>
> > with session & without session.
>
> > Thanx in advance.
>
> > situ.
>
> Hi,
>
> Answer: Sessions.
>
> loginpage posts to a check username/password page.
> On succes set a sessionvariable, eg:
> [stupid example]
> session_start();
> if (($_POST["username"] == "situ") && ($_POST["password"] == "secret")){
> $_SESSION["validUser"] = "Y";} else {
>
> header ("Location: loginpage.php");
> exit;
>
> }
>
> Then from every other page that requires a validated user:
> session_start();
> if ((isset($_SESSION["validUser"])) && ($_SESSION["validUser"] == "Y")){
> // OK} else {
>
> // NOT ok
> header ("Location: loginpage.php");
> exit;
>
> }
>
> Go towww.php.netto learn more about sessions.
>
> Regards,
> Erwin Moller

Thank you very much for quick reply I think this definately help me
a lot.

regards
situ

• Next in forum: Get page with authentication code
• Prev in forum: Re: How to stop direct execution to my page
• Thread view: Re: How to stop direct execution to my page

[Reply to this message]