passing variables between scripts

Anon

I currently have 2 scripts. The first being a simple script which prompts for a username & password via a form. It then compares the two values to a mysql db entry. If they match, it then redirects itself to the 2nd script passing along a variable (li=yes), if not it just prompts the user to login again.

I'm at a loss though in trying to come up with a way to prevent someone from simply calling the 2nd script and tacking on (li=yes) to the end and getting access to the script. Being able to do that, makes having a login script totally pointless.

The sources for both can be found at:
http://wh23.com/login.phps
http://wh23.com/admin.phps

Thanks in advance for any tips or suggestions.
-Gary

Anon

You could always use sessions. If the user name and password match the db entry then declare a variable that states the user is authenticated using the session_register function. In the admin script just write something like:

if(!isset($_SESSION[authed])){

  code here to deny access
  exit();

}

And put it at the top of the file. But make sure that before you use a method like this you MUST first use the session_start function.

Check the PHP manual and php.net, it explains everything you need to know.

I hope that helps! It should eliminate your concern about people hacking thier way in.

Anon

Ahh, thanks alot. I did some more browsing on the subject, and started to head in that direction. Thanks again for the quick reply.