If you don't like the solution from your previous thread [webmasterworld.com], and if you want the data to not be accessable to people who aren't logged in (even if they type the address in the url bar), then add this to the top of each page a link goes to:

if(!isset($_SESSION['auth'])) {
header("Location: login.php");
exit();
}
//content goes here

I hope this has helped :)

eelix:

i certainly appreciate your assistance, actually, I could not get your previous insight to work right (more likely I was not putting it in the right place!)

I like your solution here and looking at your previous answer, i am going to try this in greater depth!

Thanks a bunch!

eelix...I thank you again...your previous response from Oct 7 works as I just put it into its own page - however, is it even possible to get the links to show regardless of login status, and have the authentication take place on that page...

I guess my worry is that if i have my content stored in a DB, and have content titled 'story#1' that i can autheniticate story #1, as well as all other stories, from the same page and then move on to the actual content.

hard for me to verbalize exactly what my fear is, other than i am afraid i might have to make unique .php pages for each story, defeating my DB

Ahh...I see what you are talking about. I misunderstood you before. I was thinking the content was already separate files and that you had the links in the db. Anyway, here's a solution:

//view_content.php
if(![url=http://us2.php.net/manual/en/function.isset.php]isset[/url]($_SESSION['auth']) ¦¦ [url=http://us2.php.net/manual/en/function.empty.php]empty[/url]($_GET['id']))
{
[url=http://us2.php.net/manual/en/function.header.php]header[/url]("Location: login.php");
[url=http://us2.php.net/manual/en/function.exit.php]exit[/url]();
}
$id = $_GET['id'];
$link = mysql_connect("localhost","username","password");
mysql_select_db("db_name");
$query = "SELECT * FROM links WHERE id = '".[url=http://us2.php.net/manual/en/function.mysql-real-escape-string.php]mysql_real_escape_string[/url]($id)."'";
$result = mysql_query($result) or [url=http://us2.php.net/manual/en/function.die.php]die[/url]([url=http://us2.php.net/manual/en/function.mysql-error.php]mysql_error[/url]());
$row = mysql_fetch_array($result);
[url=http://us2.php.net/manual/en/function.mysql-close.php]mysql_close[/url]($link);
echo '<pre>';
[url=http://us2.php.net/manual/en/function.print-r.php]print_r[/url]($row);
echo '</pre>';

Now to access this, just show a link similar to the following (after they login):

<a href="view_content.php?id=24">Content with ID 24</a>

I hope this helps. Sorry for my misunderstanding ;)

P.S. Make sure to replace the pipe characters --> ¦¦

Thanks...

actually, my links and content are stored in a DB. I pull the links for any and all, but restrict access to logged in users. so, i will try your suggestions - they worked before!

In its simplest case, I would want the following to happen:

user comes to index.php - not logged in.
presented with content links A - F (generated via my DB queries)
clicks on 'a.php'
user directed to login page for authentication/login then presented with page'a.php'

In its simplest case, I would want the following to happen:

user comes to index.php - not logged in.
presented with content links A - F (generated via my DB queries)
clicks on 'a.php'
user directed to login page for authentication/login then presented with page'a.php'

Then you just have to combine your last three threads into one!

I'll try to do that now for you:

index.php

....content of page
<?php
//print links
$link = mysql_connect("localhost","username","password");
mysql_select_db("db_name");
$query = "SELECT * FROM Links WHERE DATE_SUB(CURDATE(),INTERVAL 5 DAY) <= entry AND expire > '$today' ORDER BY entry DESC";
$result = mysql_query($query)
or die ("Couldn't execute query.");

/* Display results in a table */
$storytype = ucfirst($storytype);
echo "<h1>$storytype</h1>";
echo "<table cellspacing='15'>";
echo "<tr><td colspan='3'><hr></td></tr>";
while ($row = mysql_fetch_array($result))
{
extract($row);
$f_price = number_format($price,2);
echo "<tr>\n

/* you should have a link somewhere in here;
as an example, im going to make $story the article ID */

<td><a href='view_article.php?id=$story'>$story</a></td>\n
<td>"$storycontent"</td>\n
<td>Article deleted: $expire</td>\n
</tr>\n";
echo "<tr><td colspan='3'><hr></td></tr>\n";
}
echo "</table>\n";
?>

....rest of page content

Then...

view_article.php

<?php
if(!isset($_SESSION['auth']) ¦¦ empty($_GET['id']))
{
header("Location: login.php");
exit();
}
$id = $_GET['id'];
$link = mysql_connect("localhost","username","password");
mysql_select_db("db_name");
$query = "SELECT * FROM links WHERE id = '".mysql_real_escape_string($id)."'";
$result = mysql_query($result) or die(mysql_error());
$row = mysql_fetch_array($result);
mysql_close($link);
echo '<pre>';
print_r($row);
echo '</pre>';
?>

and then...

login.php

<?php
//validate user, then redirect
if(isset($_GET['r']) && isset($_SESSION['auth'])) {
header("Location: ".urldecode($_GET['r']));
exit();
}
?>
<form action="login.php?r=<?php echo (isset($_SERVER['HTTP_REFERER']))? urlencode($_SERVER['HTTP_REFERER']): "login.php";?>" method="post">
Username:<input type="text" name="username" />
....yada yada yada
</form>

I'm pretty sure this will work. I haven't really reread over the code as much as I just copied and pasted it.

Best of luck!

Interesting...

a lot for me to digest - i will try this out, and i will certainly let you know how it works.

the most interesting thing to me is your use of the following:

<a href='view_article.php?id=$story'>$story></a>

I never knew how to do that before, i see it alot, but never have implemented it - so we are

I am most appreciative of your patience...

Ok...I have had some time to implement this...a couple of followup questions/observations...

1) index.php - displays the links and columns just fine - using this part:

<td><a href='view_article.php?id=$story'>$story</a></td>\n

I need to ensure that $story is represented by an active link in my DB...this is what shows in the nav bar:

[mysite.com...] href="story316.php">Story316</a>

2)view_article.php
what do you mean replace the pipe characters?

3)login.php
Am I correct to assume this means use my current login page and change the form action?
I currently have two settings on my login page - one for case="new" one for case="existing"

As such, my actions currenty are login.php?do=new" do I append

r=<?php echo (isset($_SERVER['HTTP_REFERER']))? urlencode($_SERVER['HTTP_REFERER']): "login.php";?>" method="post">

at the end of the new" and put a? so it reads new"?r=#*$!x

Thanks a bunch!

1)
This is what would be ideal for this situation as the structure of your links table:

id int(4) auto_increment primary_key
title varchar(255) not null
text ....you get the point

What I'm saying here is that you should have a unique ID# for each story. This will make everything sooooooo much easier. Then using a table with the previous table structure would look something like this to print out the links:

//connect to db server
$query = "SELECT * FROM links";
$result = mysql_query($query);
echo "<table cellspacing='15'>";
echo "<tr><td colspan='2'><hr></td></tr>";
while ($row = mysql_fetch_array($result))
{
extract($row);
$f_price = number_format($price,2);
echo "<tr>\n
<td><a href='view_article.php?[b]id=$id[/b]'>[b]$title[/b]</a></td>\n
<td>$text</td>\n
</tr>\n";
echo "<tr><td colspan='2'><hr></td></tr>\n";
}
echo "</table>\n"; 

This would produce links like the following:

<a href='http://www.mysite.com/view_article.php?id=316'>Story316</a>

Instead of the following:

<a href='http://www.mysite.com/view_article.php?id=<a href="story316.php"'>Story316</a>
//This format is incorrect!

2)what do you mean replace the pipe characters?

¦ <--- pipe character. Webmasterworld breaks these characters, so you must be sure to retype them if you copy and paste the code right from your browser.

3)login.php

Am I correct to assume this means use my current login page and change the form action?

Yes.

As such, my actions currenty are login.php?do=new do I append

Yes, you can append it. Something like this then:

<form action="login.php?do=new&r=<?php echo (isset($_SERVER['HTTP_REFERER']))? urlencode($_SERVER['HTTP_REFERER']): "login.php";?>" method="post">
Username:<input type="text" name="username" />
....yada yada yada
</form> 

I hope all of this makes some sense; I'm a little tired right now. If not I'll go into more detail tomorrow when I'm more awake. ;)

Good luck!

OK...

Index (part 1) works!

It forces a login as wanted! Yeah

view_article (part II) - do I need to define 'r'?

you have:

print_r($row)

When I do this, and attempt to login, this is where I point...

//www.mysite.com//login.php?do=login&r=http%3A%2F%2Fwww.mysite.com%2F%2Findex1.php

at that point, I want it to return $storycontent (which is both my own or links to other sites)..i assume if i had an external link in $storycontent that that would also execute.

Maybe I am missing something, but where is $storycontent called?

Thanks...

Index (part 1) works!

Yay we are getting there! :)

>>>do I need to define 'r'?

No, it should already be defined in the login form's action. Check the source to confirm. 'r' is the referring page that redirected to the login. So the logic here is that you click on the article link on the index, it goes to the view_article.php page. When there the script checks to see if the user is logged in, and if not, redirects to the login.php page. This is where the referer is set in the form's action. So that once the login is complete you only have to redirect back to the referring page.

(which is both my own or links to other sites)..i assume if i had an external link in $storycontent that that would also execute.

Maybe I am missing something, but where is $storycontent called?

You have to figure out how to determine which articles are from your database and which are from an external site. This way you can write a conditional to handle both. An example:

if($external == "yes") {
echo get_file_contents($location_of_article);
} else {
//query database and retrieve article
}

This last snippet is just an example. You are going to have to fit it to your needs.

Almost got it!

I tinkered with a few aspects to ensure it worked...I got it to display the contents of the row = id!

However, I am stuck on the very last piece...getting the id to redirect to external content...here is where I am using:

{
echo file_get_contents($externallink);
}

***file_get_contents was what php said was the proper format...

Make sure that $externallink has the correct value. Also, in order to be able to use this with remote files you must have allow_url_fopen [us3.php.net] enabled.

Sorry about the misspelling of the function file_get_contents! Sometimes when I'm doing multiple things at once my mind is somewhere else ;)

$externallink shows when i display the row on view_article...

I am thinking it might make sense to simply display the link/row information to the user, as a sort of confirmation...

ideally i could use some code to automatically push a button...like a hidden form piece!

my external links are simply articles that i have simply aggregated and supply to registered users...not files or anything that requires downloads.

i also might be able to use a Javascript function...

I thank you for your help...

I have found a javascript that appears to work somewhat... although it is redirecting me to my index page!

<SCRIPT LANGUAGE="JavaScript">
setTimeout("document.location = <?=$externallink?>", 5000);

</SCRIPT>

I wnated to let you know that I am going to check with the rest of the community for assistance with this last piece...I will give you credit for your patience, help, and guidance!

Thanks again!