Access

Forum Moderators: coopster

Message Too Old, No Replies

Access

fotiss13

12:33 pm on Apr 5, 2004 (gmt 0)

hi,
i have created a site with a log in page and i dont want ppl to be able to access other pages before loging in. I am using php and the only way that i found to do that is just to check for some variables of the session and then allow the user to enter. e.g if(!$_SESSION['email']) go to the log in page.
Is there any other way, more "proffesional"? :)
Thanx

barn_de

1:17 pm on Apr 5, 2004 (gmt 0)

Hi fotiss13,

i don't know, if this solution is so unprofessional. we use the session also. what other solution should there be?

you of course can create a table in your db and store session id and user id. but this means for every visit to a protected page you have to query the db.

barn

lorax

2:52 pm on Apr 5, 2004 (gmt 0)

There has to be some method of checking and in the stateless nature of the web we're forced to use sessions, cookies, and IP addresses. You're solution is perfectly legit.

fotiss13

11:07 am on Apr 6, 2004 (gmt 0)

the solution is ok but if for example i check if there is a session with email and the user comes from a page that has already a session with name email he will be able to sign in. I guess its not very safe but probably its the only thing i can do.

jatar_k

4:58 pm on Apr 6, 2004 (gmt 0)

If email is setup somewhere else as well then check for a different var.

You could set specific vars depending on what is happening and unset them once they have been used.

Access

fotiss13

barn_de

lorax

fotiss13

jatar_k

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week