I have a small question about authentification and sessions ......I have a login page that requires a username and pass that are in a mysql database table and stuff..but I have a html page(just html code in it) that I also want to secure it. Meaning if someone tries to access the file by typing site.com/administrator_menu.html , unless the admin loged in the file will refresh to the login page. I'm not sure how I can do that?
10x a lot
a small security question about session
Moderator: General Moderators
in you login script get the username and do something like;
then in the script you want to protect put this:
remember you cannot ouptut anything before you send the header, so the code above needs to go on the beggining of the file.
Code: Select all
if ( $_POST["username"]=="admin" ){
$_SESSION["administrator"]=true;
}
else{
$_SESSION["administrator"]=false;
}Code: Select all
if ($_SESSION["administrator"]!=true){
header("location:erro.html");
}remember you cannot ouptut anything before you send the header, so the code above needs to go on the beggining of the file.