Login system

pjking · #1 (**permalink**) 06-09-07, 04:00 AM

Hi all,

I'm creating a login system for an administrator section. All works fine, pulling in the admin details in from a database, with conditional statements to go to a secret page if true and redirect back to the login page if false.

What I want to know is how do I stop a user typing the url of the secret page directly into the browser and skipping the login altogether, gaining access to the page without first loging in?

Is there code that will recognise this has happened, and tell the browser to redirect back to the login page?

Cheers

Nico · #2 (**permalink**) 06-09-07, 04:07 AM

Have a look at PHP sessions.

PHP Code:


			


session_start();



if (/* Condition to log in user */)

{

    $_SESSION['logged_in'] = true;



    header('Location: secret.php');

    exit();

}

And in secret.php:

PHP Code:


			
session_start();



if (!isset($_SESSION['logged_in']) OR $_SESSION['logged_in'] !== true)

{

    header('HTTP/1.1 401 Unauthorized');

    exit('Unauthorized access');

}



// Secret content...

pjking · #3 (**permalink**) 06-09-07, 04:34 AM

Thanks Nico,

Works a treat!

I've also amended the secret code to re-direct back to the login page.

secret page

PHP Code:


			
session_start();

    if (!isset($_SESSION['logged_in']) OR $_SESSION['logged_in'] !== true)
    {
        header('Location:admin.php');
        exit();
    }