don't allow access to page by typing page name

After your user logs in, set a session variable to a specific value. In home, check this session variable, if it is not set redirect to the login.

hi,

there are many ways of achieving this. The most simple is to create a session on index.php and then check if the session exists on home.php. If the session does not exist, the user is redirected to the index.php

sample codes

filename: index.php

<?php

    session_start();

    $_SESSION['been_here'] = true;

    header("Location: http://your_domain_dot_com/home.php");
     die();

home.php

<?php

    if(isset($_SESSION['been_here'])){
        ## do all the things you want to do
        }

        else{

            header("Location: http://your_domain_dot_com/index.php");
     die();
     }

you can also do this kind of statement

     if($_SESSION['been_here'] && (isset($_SESSION['been_here']))){

         ## do all the things you want to do

         }

         else{

             ## redirect the unexpected intruder here..

         }

I 'third' the simple session check-redirct method. Other solutions abound in tutorials, but they must be regarded carefully. One I saw delivered different content to a page (based on include files) depending on whether the user was logged in or not. While this has its uses, it shouldn't (IMO) be used if you want to prevent a non-logged-in user from accessing certain pages, especially admin pages.

thanks veedeeoo.