Page 1 of 1

a small security question about session

Posted: Sat Jun 24, 2006 1:15 pm
by biggie
I have a small question about authentification and sessions ......I have a login page that requires a username and pass that are in a mysql database table and stuff..but I have a html page(just html code in it) that I also want to secure it. Meaning if someone tries to access the file by typing site.com/administrator_menu.html , unless the admin loged in the file will refresh to the login page. I'm not sure how I can do that?

10x a lot

Posted: Sat Jun 24, 2006 2:30 pm
by pedrotuga
in you login script get the username and do something like;

Code: Select all

if ( $_POST["username"]=="admin" ){
    $_SESSION["administrator"]=true;
}

else{
 $_SESSION["administrator"]=false;
}
then in the script you want to protect put this:

Code: Select all

if ($_SESSION["administrator"]!=true){
header("location:erro.html");
}

remember you cannot ouptut anything before you send the header, so the code above needs to go on the beggining of the file.