I recommend using the new session handling access methods to secure your site and the header function jpmoriarty suggest is wacked (remove the anchor tag... or is that the msg board doing that?):
here is what I recommend:
// from any page
session_start();
if( !isset( $_SESSION['username'] )
|| $_SESSION['username'] == ""
|| !isset( $_SESSION['authcode'] )
|| $_SESSION['authcode'] == ""
){
header("LOCATION: members.php");
}
Basically this will check to see if your username session is set on each page. If not it will redirect you back to the members.php page. It's also smart to check to make sure that it is not set to NULL. I also recommend something like the authcode session var. With this you can control your site a whole bunch more.
For example, this auth checker only checks to see if the session var username is set. It doesn't validate its value against some other system (your members.php should do that). If you dont do futher checking then anyone could register a session var called username.
You can write a script that will validate a username against a file or database then if it is valid set the authcode to some value that you think is good. This can be seen as security levels kinda.
I hope this helps.
Ed
