Securing page with sessions?

jm2002

I need to know how to secure a page so that if someone did not enter a valid password in a form the page just sends them back to the form. Would this be done with sessions? and if so how. I would think you could use HTTP_REFERRER, but I don't think that's secure enough.
Thanks

Anon

Iv'e done what you're looking to do and this is how I did it...

I made a header.inc file and put all the common HTML in there and some PHP. Part of the PHP I put in there was this...

<?php
if(!session_is_registered("ID") && $secure) {
// print out the login form
exit;
}
// carry on with the rest here.
?>

then on every page I made that I wanted to be secure (must have entered a password first) I did this...

<?php
$secure = 1;
include 'header.inc';

// code for the page here
?>

What I did there was made the value of $secure true. So in header.inc it's saying id the session ISN'T registered to ID (ID is what I used. Sub it for the value you're using) and the value of $secure is true, then print out the login form and then exit the rest of the script. If I didn't want the page to be secure, I'd simply leave out the $secure = 1; bit.

Hope this helps.

Regards, Stezz.

Anon

building a good secure login that is still easy for the user isn't a trivial task. your best bet is to go get an opensource package and install it. i would suggest either "php secure pages" or php_lib_login (i'm biased in favour of the later... for obvious reasons). you can just include them and with a little bit of coding get all the protection and features you need.