Hey y'all.
Ok so I am working on the admin sectin of the e-commerce app I'm writing and I'm hoping there's a better way to do what I am currently doing.
In an effort to prevent circumvention of the login page I've placed a check at the beginning of each page that basically does the following:
<?php
if(loggedin()) { // entire page of code goes here } else { // redirect back to login page }
?>
By doing this people will not be able to just enter manually any URL they want and have the page load.
As far as better ways go I was thinking that maybe I could employ .htaccess somehow? But then I think that might require having user accounts registered with the server instead of just using a db and I don't want to do that.
I was thinking that maybe I could change it to this:
<?php
// define function stored in class file // (basic auth function, not at all what i'm using. // just an example.) function IsLoggedIn($input) { if(isset($input) && !empty($input)) { return 1; } else { // redirect to login page } }
IsLoggedIn($input);
// entire page of code goes here
?>
Any want to share their experiences and ideas?
Thanks, Chris. -- Don't like reformatting your Outlook replies? Now there's relief! http://home.in.tum.de/~jain/software/outlook-quotefix/
I tend to include the same file which does this for me at the beginning of pages which must have authentication. Using a function as you described (with automatic redirection to the login page) is how I would do it.
You may also want to look into a the PEAR Auth package. http://pear.php.net/package/Auth
-- paperCrane <Justin Patrin>
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
