up********@gmail.com wrote:
Dear frindes,
I am new to php. in my 'php' code when someone
login into my page he/she awail the necessary page rights, it's quite
ok. but when it click on the page and someone direct copy & paste the
url he also access the page without proper login.
How it could be possible that someone access only after
the login and not direct copy & paste the desired url.
with session & without session.
Thanx in advance.
situ.
Hi,
Answer: Sessions.
loginpage posts to a check username/password page.
On succes set a sessionvariable, eg:
[stupid example]
session_start();
if (($_POST["username"] == "situ") && ($_POST["password"] == "secret")){
$_SESSION["validUser"] = "Y";
} else {
header ("Location: loginpage.php");
exit;
}
Then from every other page that requires a validated user:
session_start();
if ((isset($_SESSION["validUser"])) && ($_SESSION["validUser"] == "Y")){
// OK
} else {
// NOT ok
header ("Location: loginpage.php");
exit;
}
Go to
www.php.net to learn more about sessions.
Regards,
Erwin Moller