Authentication and Security help

Anon

Hello All:

I am in the beginning planning and development stages for an online application involving PHP and MySQL. I have a few questions on the best way to implement some of the concepts. My primary concern is security and making sure the user is authenticated properly.

What I want to do is protect the various PHP files that will be used so if someone types in the URL directly, or references a book marked page to one of the files they will be redirected to the login page if they have not been authenticated.
I don't have much experience with Sessions is this what I would use for this type of task?
What would I have to include on each PHP page in order to protect it from non-authenticated users?

Another question I have is that there will be 2 different user types. A standard user that has a username and password assigned to them, and an administrator that has rights to create new users and various other tasks.
What is the best way to differentiate the users because there were be some pages that only the administrator will have access to and not all authenticated users?

Thanks,
Troy Oldroyd

Anon

I have wrote such application before a week 🙂 All the pages have to be php. And it's writeen in PHP4, using new session-handling functions 🙂
Of course, you can have an administrative directory protected by .htaccess file and thus you have the admin type of user. The first logs in via html form, and is recognized via his session and the second via apache's authentication mechanism.