I'm creating an 'admin' area on a site; all the contents are in a separate folder cleverly titled admin. index.php is the login page, a simple user/pw form. I've written code to check if the user/pw are correct and redirect the user.
However, there are several other pages that I don't want accessed unless the user/pw has been fulfilled. I know I'd have to use Sessions to accomplish this, but I'm not sure how to go about it.
Here's my code so far.
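// verify.php
include "../includes/connect.php";

// $username and $password are expected to hold the submitted form values.
$invalid = !isset($username) || !isset($password);

if (!$invalid) {
    // Escape both values before they go into the SQL string.
    $u = mysql_real_escape_string($username, $conn);
    $p = mysql_real_escape_string($password, $conn);
    $query = "SELECT password FROM admin WHERE username = '$u' AND password = '$p'";
    $result = mysql_query($query, $conn);

    // Exactly one matching row means the credentials are correct.
    if (!$result || mysql_num_rows($result) != 1)
        $invalid = true;
}

if ($invalid)
    header("Location: index.php?error=true");
else
    header("Location: admin.php");
exit; // stop the script once the redirect header has been sent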
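
A session-based gate for the other admin pages, as an added example that is not part of the original post. The file name auth.php, the function names, the session keys and the 30-minute idle limit are assumptions.

```php
<?php
// auth.php (hypothetical file name): include it from every page in admin/
// before any output is sent.

// Harden the session cookie before the session starts.
ini_set('session.use_only_cookies', '1'); // never accept a session ID from the URL
ini_set('session.cookie_httponly', '1');  // keep the cookie away from JavaScript
session_start();

// Call from verify.php once the user/pw check has succeeded,
// just before the redirect to admin.php.
function admin_login($username)
{
    // Issue a fresh session ID at login so an ID planted earlier is useless.
    session_regenerate_id(true);
    $_SESSION['admin_user'] = $username; // hypothetical session key
    $_SESSION['last_seen']  = time();    // hypothetical session key
}

// Call at the top of admin.php and every other protected page.
function require_admin($idle_limit = 1800)
{
    $ok = isset($_SESSION['admin_user'], $_SESSION['last_seen'])
        && (time() - $_SESSION['last_seen']) <= $idle_limit;

    if (!$ok) {
        admin_logout();
        header("Location: index.php?error=true");
        exit; // without this the rest of the protected page still runs
    }

    $_SESSION['last_seen'] = time(); // activity resets the idle timer
}

// Drop the server-side session data for this visitor.
function admin_logout()
{
    $_SESSION = array();
    session_destroy();
}
```

In verify.php, include auth.php and call admin_login($username) in the branch that redirects to admin.php; each protected page then starts with include "auth.php"; require_admin();.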