March 1st, 2004
Session Management / Security / Redirects


I'm making my first commercial PHP site. I've used Java for 18 months and have found PHP easy to pick up. The programming isn't hard, but I'm having trouble with low-level design from not knowing the API and PHP's general capabilities. My general problem is not data structures and data manipulation; it's more site navigation / security / user sessions.

What I've done so far is create an authentication script - not too hard. I'm a bit lost on what to do now that I have authenticated the user.

What I want is for a user to log in and then gain access to their own directory which holds a small flat file database.

I'm not sure how to redirect the user securely to their own folder. I know the curdir() command can do this, but I don't want people to be able to sidestep the authentication and just type in a URL.

How can PHP lock users out of all directories besides their own and the home dir?

Also, if the user is not authenticated, how can I automatically send them back to the login page to retry? There must be a PHP command to change URLs.

I've read up a bit on sessions and am wondering how they may apply here.

Can I have global variables that exist outside of any particular .php file? Is this a session variable? If so, how are they passed around pages, or do they reside in the server somewhere for the duration of the session?

I've asked a lot, so I really appreciate any help given.

