Simply put you can not protect HTML pages through your login system. You must have some kind of continuous login/check at the top of each page. Give the page the .php extension so it can parse and execute the check. If you're using Cookies that's perfect.. you can just check for the existance of that cookie at the top of each page. Same thing if you were using sessions. They can only get the cookie or the session from one script... your login script. So as long as you continuously check for that you're pretty much all set. -Kevin
> ----- Original Message ----- > From: "Youngie" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, July 08, 2002 11:54 AM > Subject: [PHP] Checking for a successful login and setting a global flag. > > > > Hi Follks > > > > I'm writing an application that requires the user to login to gain access > to > > the rest of the site. > > The login dailog is on index.html, once verified by login.php the user is > > presented with a menu from > > which he can select several options option1.htm which executes a query > > through option1.php etc, > > option2.htm and option3.htm and so on. But there's nothing stopping him > > from bypassing the login completely > > and just brining up option2.htm directly in the browser. I'm looking for > > some kind of mechanism to set a > > flag for a successful logon in index.php that can be tested in the other > php > > scripts. > > > > I tried using a cookie and got that to work but the user can close the > > browser, reopen and the cookie is still > > set. I looked in to session variables but one page could seem to see the > > session variable values set in the > > login page, it saw the variable was registered but not the value it was > set > > to. > > > > I know this has to be a simple exercise but I'm a newbie. > > > > Thanks > > > > John. > > > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
