Or in english,
on your login page have your usual login txt boxes i.e. username and password. Post the form on this page back to itself and test the posted password and username. If username and password are correct, set a session var showing that the user is logged in. if not, alert the user that the username or password were wrong and redirect them to the login page. The correct syntax is below:
login page: (assuming that form has been posted)
<?
session_start(); //required on every page
//do the check
if($str_username == "leon" && $str_username == "hayes")
{
//username/password correct so continue
$logged_in = "true";
session_register("logged_in");
//from here write your redirect code
}
else
{
echo "User name or password invalid!!";
//write redirect code to send them to login page
}
?>
now on every single page that you want to be protected by this login script, you must include the following:
<?
session_start();
if($logged_in == "true")
{
//page content here
}
else
{
echo "You are not logged in.";
//write your redirect code here to send user to login page
}
?>
I usually also write a couple of generic functions and put them into an include file to handle redirects and messages to the user.
<?
function redirect_to($page_url)
//does what the name says
//eg: redirect_to("index.htm");
{
echo("<script language=\"javascript\">
window.location = \"".$page_url."\";
</script>");
}
function show_alert($message)
//writes javascript code to display an alert box
//eg: show_alert("this is using javascript");
{
echo("<script language=\"javascript\">
alert(\"".$message."\");
</script>");
}
hope any of this babble helps.
L
