I have a login.php script to connect to a MySQL database and authenticate the user. This is working fine.
Then I want to show a new page to the users that log in correctly. Right now I have:
// if user log in accepted, then
echo "<script language=\"JavaScript\">document.location.href='"."http://example/quiz.php"."';</script>";
The problem is, anyone can just type in this address:
[example...]
and go to that page anyway...
I think I am missing something simple, do I have to change quiz.php file permissions, or something else?
Any help/suggestions would be great! I am a programmer, but new to PHP.
[edited by: ergophobe at 5:09 pm (utc) on April 27, 2005]
[edit reason] URLs exemplified as per site rules - no personal urls please [/edit]
If you want to, you can replace
echo "<script language=\"JavaScript\">document.location.href='"."examplepage"."';</script>";
with
header("location:http://www.example.com/quizpage.html");
as long as there is no text echo'd before the header command, which there shouldn't be. :-)
The simplest, if you simply want to make sure they come from a given page, is to use the standard PHP variable
$_SERVER['HTTP_REFERER']
to see which page they came from. If it's not the one you want, send them back to another page using
header("Location: otherpage.php");
If you want to check login, most people use sessions [us4.php.net] to track users. Essentially, upon successful login, you set a variable or set of variables that tell you whether the person requesting the current page has previously logged in or not. If not, you send them to a login page.
[edited by: ergophobe at 5:18 pm (utc) on April 27, 2005]
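The session check described in the post above, as an added example that is not part of the original thread: the session is started on every page before any output, and the script exits right after the redirect. The function names, the 'auth' key and /login.php are assumptions; the cookie options array needs PHP 7.3 or later.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

// Start (or resume) the session with a hardened session cookie.
// This must run on EVERY page, before any output; without it
// $_SESSION is empty and the login check below always fails.
function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_set_cookie_params([
        'lifetime' => 0,      // session cookie: dropped when the browser closes
        'path'     => '/',
        'secure'   => true,   // assumption: the site is served over HTTPS
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call from login.php only after the username/password check succeeded.
function mark_logged_in(string $username): void
{
    start_secure_session();
    session_regenerate_id(true);       // fresh session ID at login
    $_SESSION['auth'] = true;
    $_SESSION['username'] = $username; // do not keep the password in the session
}

// True only if this session was marked by mark_logged_in().
function is_logged_in(): bool
{
    start_secure_session();
    return ($_SESSION['auth'] ?? false) === true;
}

// Call at the very top of quiz.php, before any HTML is sent.
function require_login(string $loginUrl = '/login.php'): void
{
    if (!is_logged_in()) {
        header('Location: ' . $loginUrl);
        exit; // without exit, the protected HTML below is still sent
    }
}
```

Unlike $_SERVER['HTTP_REFERER'], which is supplied by the client, the 'auth' flag lives in server-side session storage and the browser only holds the session ID.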
//put this above the header redirect on successful login...
setcookie("loggedin", "1");
//redirect to protected page via method of choice
and on the page you want to protect...
<?
if($loggedin!="1") {
header("location:http://www.example.com/login.html");
}
?>
//rest of quiz html below
I assume you're just learning PHP, and this simple method of "protecting" a page will work fine for you for now. If you ever need to protect anything important, it gets a lot more complicated.
more on setcookie() [php.net]
more on header() [php.net]
<?php
if($loggedin =="1") { header("location:http://www.example.com/login.php"");
}
?>
<html>
<head>
<title>QUIZZZZZZ</title>
</head>
<body>
<body bgcolor="#0066FF">
<p align="center"> </p>
<p align="center"><b><font face="Palatino Linotype" size="4" color="#00FF99">Press
// more html etc.....
</body>
</html>
I put the setcookie code above the header redirect. If I comment out the cookie check for quiz.php, it displays the html fine.
I was trying to play with it a bit....
If I log in, success: the url is www.example.com/quiz.php, but a blank page
If I go directly to that url, www.example.com/quiz.php, it doesn't redirect and displays a blank page.
thx
[edited by: ergophobe at 6:01 pm (utc) on April 27, 2005]
[edit reason] no personal urls please [/edit]
That worked to display the html, except that it still displayed even if I went right to the URL. Does the cookie stay there, so they only log in one time ever?
Also, I looked into the session variables instead of the cookies, I thought I could make it work that way:
// if success login
$_SESSION['auth'] = true;
header("location:http://www.example.com/quiz.php");
In the quiz page:
<?php
if ($_SESSION['auth']!= true) {
header("location:http://www.example.com/login.php");
}
?>
Now even if I log in successfully, it always goes to login.php
Any help would be great, sorry to be a bother
$loggedin =="1"
Where does the value for $loggedin come from? Remember, any value you set in a cookie is not available until the next page.
If you have register_globals off (as you should really), then you must get values using the superglobals like
$_SESSION['loggedin']
$_COOKIE['loggedin']
$_POST['loggedin']
as the case may be.
That worked to display the html, except that it still displayed even if I went right to the URL. Does the cookie stay there, so they only log in one time ever?
It allowed you to view the page because you had previously logged in successfully. The cookie was set on the login page after the username/password were validated, right before you were redirected to the quiz page. You can control how long a cookie is valid... check out setcookie [php.net]
ergophobe -- sorry if I didn't exemplify the url, was 99.9% sure I had....
Looked into this, and changed my code, however now whether I log in correctly, or just go to the page: quiz.php, it redirects to www.example.com
login.php
// success user login
$_POST['uname'] = stripslashes($_POST['uname']);
$_SESSION['username'] = $_POST['uname'];
$_SESSION['password'] = $_POST['passwd'];
$db_object->disconnect();
setcookie("loggedin",1,time() - 1800);
echo "<script language=\"JavaScript\">document.location.href='"."http://www.example.com/quiz.php"."';</script>"
quiz.php
<?php
print_r($_COOKIE);
if ($_COOKIE['loggedin']!= 1) {
echo "<script language=\"JavaScript\">document.location.href='"."http://www.example.com"."';</script>";
}
?>
<html>
<head>
thx in advance...
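A third argument of time() - 1800 to setcookie() is an expiry in the past, which tells the browser to delete the cookie, and a plain loggedin=1 value is something the server cannot tell apart from one a visitor set by hand. An added example (not code from the thread) of a cookie value the server can verify, with a future expiry; APP_SECRET and the function names are hypothetical placeholders.

```php
<?php
// Added example, not code from the thread.
// APP_SECRET is a placeholder: load a long random key from server config.
const APP_SECRET = 'replace-with-a-long-random-server-side-key';

// Build "username|expiry|mac" so the server can detect tampering.
function make_login_token(string $username, int $ttl, ?int $now = null): string
{
    $expires = ($now ?? time()) + $ttl;              // a FUTURE timestamp
    $payload = rawurlencode($username) . '|' . $expires;
    $mac = hash_hmac('sha256', $payload, APP_SECRET);
    return $payload . '|' . $mac;
}

// Return the username if the token is authentic and unexpired, else null.
function verify_login_token(string $token, ?int $now = null): ?string
{
    $parts = explode('|', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$user, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $user . '|' . $expires, APP_SECRET);
    if (!hash_equals($expected, $mac)) {             // constant-time compare
        return null;
    }
    if (!ctype_digit($expires) || (int) $expires < ($now ?? time())) {
        return null;
    }
    return rawurldecode($user);
}

// login.php, after the password check (expiry is now PLUS the lifetime):
//   $ttl = 1800;
//   setcookie('loggedin', make_login_token($uname, $ttl), [
//       'expires' => time() + $ttl, 'path' => '/',
//       'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
// quiz.php, before any output:
//   $user = verify_login_token($_COOKIE['loggedin'] ?? '');
//   if ($user === null) { header('Location: /login.php'); exit; }
```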