It is possible to use sessions. DO this by ensuring every page has the code
Code:
<?php
session_start();
?>
BEFORE ANY OTHER code Then on your login.php page have a form that "logs the user in" by setting
Code:
<?php
$_SESSION['username'] = $_POST['username'];
//Any other information you want stored can go here as well, be
//careful with passwords.
?>
The above code assumes your form method was "post" (If it was get, use $_GET) and the textbox containing the username was called username (Case sensitive) I recommend $_POST as it stops the user entering a known user name in the address bar and gaining access that way.
Then on each "protected" page something like the following, after the session_start();
Code:
if (!isset($_SESSION['username']))
{
header('location:login.php'); //Send them to the login page
}
else
{
//Your page code here
}
If that sounds terribly complicated try a .htaccess page. They lock out users by requiring authorisation (For .htaccess pages to work you need to be using php with Apache not IIS) the syntax for a .htaccess for can be found at the following URL
http://apache-server.com/tutorials/A...-htaccess.html
Below is an example of a .htaccess file I wrote (paths obscured for obvious reasons)
Code:
AuthUserFile /full-path/to/password/file
AuthName "area name here"
AuthType Basic
require valid-user
You need to make sure that the hosting directory in the httpd.conf file has AllowOverride AuthConfig in it.
You also need to create a .htpasswd file (Make sure it starts with ".ht" as it will be more protected under Apache) in the command line type the following
Code:
htpasswd -bc ./.htpasswd user password
Then for each subsequent user lose the c. The "c" parameter creates the file.
hth
---
David Thorne, Student
UK
Autorized page Access
