ok I have a login form that works and checks but I can just pout in the url to go to a specific page inside of the website I am designing and get into it without logging in, how can I remedy this? I have gone through many tutorials and every time I hit the protection script it throws me to the page I want the people not signed in to go to even if i sign in propperly.
Actually it's hard to decipher what you wan't although your thread's question is understandable; though too generalize. Can you please provide a snippets of your code, and put what you want to do in bullets? If it's ok for you.
what are you talking about? the login works just fine and gets me to the page I want to be in as long as I dont have the protection code at the top, and it blocks me from getting in when I put in the wrong information, as long as I go in from the login page.
on your function login, you can try setting the session for that username.
## this user exists
## set session for this user
$_SESSION['thisUser'] = $username;
## do what you want to do on failed login
You protection function on top of every pages can be as simple as this
## this user is not login send them to the login page, or wherever you deemed appropriate.
## this is user is authenticated at the very least :).
$user_isLogin = true;
$user = $_SESSION['thisUser'];
Warning! There are broader topics in web security, validation, and sanitization of data you must take into consideration, before sending this script to production site.
If you're going to run an online store or ecommerce Web site, you should be aware of HTTPS - or HyperText Transfer Protocol with Secure Sockets Layer. HTTPS is a protocol to transfer encrypted data over the Web.
by happygeek: Please stop posting 'fake sig' links in all your replies
thanks kam, I am aware of HTTPS, however I am not running either of those, I just needed to secure the web page for a general admin area so that other people dont get in and change my announcements and other information that I dont want changed on the web site.