Restrict Unauthorised Users to a page

**Smellie** · Jun 5, 2003 14:41

Hi all -

I hope someone can help. I have put in php script to a page to get users to complete a login procedure but, how do you stop people from simply cutting and pasteing the URL and so bypassing the log in page? I have to be honest, PHP is not my strong point, and I have been going round and round in circles with this one for days and days.

Hope someone can help, I am losing the will to live!!!!!

**Rick** · Jun 11, 2003 05:48

Hey there Smellie...

There are a number of ways to do what your talking about, but my favourite is the method that Kevin Yank discusses in his article Managing Users with PHP Sessions and MySQL Using the article you should be able to achieve exactly what you want.

You can then easily protect each page using one line of php code, <?php include('accesscontrol.php'); ?>.

Cheers
ZOO

**Smellie** · Jun 11, 2003 06:15

Zoo - Thanks for the reply. Yes, you are right, Kevin Yank's method is by far the simplest I have come across since I started this whole thing! I am glad to say, that with the help of his article, it is all in place now.

**Rick** · Jun 11, 2003 06:16

Excellent, Glad you got it sorted

**vien** · Jun 11, 2003 06:48

Even this could work:

PHP Code:


if(isset($login)){//login determines if a variable has been passed to this page. 

    ...

    //process the users,passwords.

    ...

} else {

    echo "You have to login to access this page!";

    include ("login.php");//login page

}

**Rick** · Jun 11, 2003 06:51

That's essentially what the script does at the moment, but all of that is kept in a file which just needs to be included in each page rather than having to put that code in everypage

**Ghz** · Jun 11, 2003 07:26

I'de rather use the cookies to restrict the access of the users to some pages. And by this way you can do alot of things too other than making the restrictions like playing someone's personal information and so on.
Regards,

**Dr Livingston** · Jun 11, 2003 07:27

To prevent someone going to another part of your website simply by typing in the url; use SESSIONs on all pages and check first their username and password against the database; if no match then re-direct to the log in page; works every time. Just remember those SESSIONs you need on all pages you want users to log in for.

**vien** · Jun 13, 2003 11:11

Dr. Livingstone! you are right. i think that is a better of tracking users and protecting pages using the sessions.

User Tag List

Thread: Restrict Unauthorised Users to a page

Thread Tools

Display

Restrict Unauthorised Users to a page

Bookmarks

Bookmarks

Posting Permissions