Hello there.
I've made a full admin site for my webpage. Various users can log in to it to add conetnt to the main site. The admin site is composed of a number of php files that all use sessions to detect whether the user has correctly logged in.
When the user logs in correctly, the variable $auth is given a value of 1. I have a session_register($auth) line on the login page so all the other pages in the admin site can see it. At the top of each page in the admin site i have this code that checks if the user has correctly logged in.
Session_start();
if ($auth != 1) {
header("location: index.php");
exit;
} else {
end;
}
I know there's a better, more secure way to authenticate user than this. Can anyone help me out?
thanks in advance.
