i have a login form, main menu, employee form, and sales form. the user that entered the correct username and password in the login from can go to the main menu and from there they can choose to go to employee form or sales form.
          However the user also can just type the address of the main menu, employee form or sales form escaping the login form. As such unauthorized user can also used the system.
          How can i prevent this from happenning?

You need to implement a basic authentication scheme on those pages.

if (is_logged_in())
{
    // user is logged in
}
else
{
    // Not logged in, show an error message or redirect back to login page.
}

In the is_logged_in function, you may check SESSION variables containing authentication information, the easiest method, IMO, is to set a variable like $_SESSION['is_logged_in'] with a boolean value. This assumes that this session variable is always assigned a boolean value (best practice), and using a static function instead of just checking the variable allows for possible future expansions or innovations on that functionality, including the addition of access privileges, account activation, email confirmation, etc.

So...

function is_logged_in()
{
    return $_SESSION['is_logged_id'];
}

I am just assuming that you're using sessions here, that will work if you're using sessions..

I suppose I should be asking, what type of authetication are use using?

: )
Rich

:::::::::::::::::::::::::::::::::
Smiling Souls
http://www.smilingsouls.net
:::::::::::::::::::::::::::::::::

Also, read this related thread:
  http://p2p.wrox.com/topic.asp?TOPIC_ID=9344

There are LOTS of articles and demos of user authentication schemes online. Check hotscripts.com, phpbuilder, etc..


Take care,

Nik
http://www.bigaction.org/