Security using session variables

[hbk]

hey guys.

i hav this page (a.php), where i ask te user for his username and password. I match these with static values, and upon succesful matching, i redirect the user to b.php.

my prob-

what if somebody, instead of going thru the normal procedure (from a.php to b.php after verification), directly types in the url for b.php into the address bar???

will that not SHATTER my security??

how can i implement security so that if some1 has not signed in (on a.php) and directly enters the url of b.php, he is

1. sent back to (a.php)
or
2. nothing is displayed on b.php

pls. help

thanks a lot.

[kidakaka]

Hi hbk,

Obviously, you are on the first step to making a XAMP based web application. Welcome

A quick and dirty method is to have a authentication mechanism in b.php, which will check for the username and password submitted in form of a.php. Once the user is authenticated, then you can set a session variable userid = <user_id>.

Now, every page after the authentication takes place, you need to check one thing, <user_id> is present in session or not. If it is, then the user is authenticated, if it isnt, then the user is not authenticated (redirect to login).

Kapische?

[kidakaka]

An addendum, you keep this checking in a file called as the header.php file, and include it in all the files instead of copy-pasting the codelet in each file.