a small security question about session

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
biggie
Forum Newbie
Posts: 8
Joined: Fri May 26, 2006 11:57 pm

a small security question about session

Post by biggie »

I have a small question about authentification and sessions ......I have a login page that requires a username and pass that are in a mysql database table and stuff..but I have a html page(just html code in it) that I also want to secure it. Meaning if someone tries to access the file by typing site.com/administrator_menu.html , unless the admin loged in the file will refresh to the login page. I'm not sure how I can do that?

10x a lot
User avatar
pedrotuga
Forum Contributor
Posts: 249
Joined: Tue Dec 13, 2005 11:08 pm

Post by pedrotuga »

in you login script get the username and do something like;

Code: Select all

if ( $_POST["username"]=="admin" ){
    $_SESSION["administrator"]=true;
}

else{
 $_SESSION["administrator"]=false;
}
then in the script you want to protect put this:

Code: Select all

if ($_SESSION["administrator"]!=true){
header("location:erro.html");
}

remember you cannot ouptut anything before you send the header, so the code above needs to go on the beggining of the file.
Post Reply