Logins and PHP

JMcAuley

Im curious as to what some methods are for setting up a login in PHP. I have set up a basic login myself, where it will validate the login information on a Oracle DB then bring them to a page once they have typed in valid login information. However, what is the best method of keeping people out of ALL the pages that are access through loging in. I don't know if what im saying is clear, so i'll explain an example.

I log in, and the page takes me to www.myurl.com/index.php. Now, from index.php I am able to click a link that takes me to hello.php. Now what is to stop someone from simply typing www.myurl.com/hello.php and gaining access to the page without loging in first, im assuming nothing. So what is the easiest most efficient way to secure multiple pages under a login.

Thanks 🙂

devinemke

a common approach is to start a [man]session[/man] when the user logs in and set a boolean session var that simply stores the users valid login state (true or false) then at the top of each page run a quick check for that var and if it's false spit out an error and [man]exit[/man] out of the script.

JMcAuley

Ill throw something together using that method, thank you for the quick response.