Page 1 of 1

security issue

Posted: Thu Mar 12, 2009 3:58 pm
by atemught
Hi all
I am building a small website with an area where members must log in, the problem is that if you enter the URL of a membership area page in your browser, you get access to this page even if you are not a member or not logged in. Is there a way of preventing this?
Thank you

Re: security issue

Posted: Thu Mar 12, 2009 4:46 pm
by Mordred
Read about sessions.
On a successful login, set a session variable like $_SESSION['logged']=1;
On logout, unset it.
On the membership page, check if it's 1, if not redirect to the login page and call exit();