Dark,
I will try to give you a brief overview of how I do it.
Every page I want to have protected have these 2 lines of code:
$PageName = "downloads.php";
include("sessionstart.php");
The sessionstart.php file looks like this:
<?php
session_start();
session_register('SUserName');
session_register('SPassword');
session_register('SName');
session_register('SPageName');
$SPageName = "$PageName";
if ($SUserName == "")
{
include("login.php");
die;
}
if ($SPassword == "")
{
include("login.php");
die;
}
?>
This file basically checks to make sure they have logged in and if they haven’t sends them to a login page, pretty basic but it works great. The page name is stored so I can redirect them to the page they tried to access when they were not logged in. This also ensures that no one can access protected pages even if they know the url address.
So then you just need to write a login script that starts a session and then keep checking that they have a session by including the 2 lines mentioned above.
You can have as many session registers as you want to store different information.
Hope this helps,
Anthony Irwin
