I do pretty much the same thing but with seesion vars, I just check that the user and level session vars are the appropriate values before I display confidential material. -Steve.
-----Original Message----- From: Rob Day [mailto:[EMAIL PROTECTED]] Sent: Monday, September 23, 2002 11:22 AM To: 'PHP DB' Subject: RE: [PHP-DB] advise needed for 'authorized only' site I had a similar problem, but I can't promise that my solution is the best way to go about it. After the user was validated, I set a cookie. I then had all subsequent pages start with an if statement that checked for the cookie. If there was no cookie, they were sent back to the entry point. Another option if your application is somehow linear would be to make sure that the referring page is what you wanted it to be. -Rob -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, September 23, 2002 10:14 AM To: PHP_DB Subject: [PHP-DB] advise needed for 'authorized only' site I have set up a section of my company site for use by authorized dealers only. I am currently using mysql authorization, which works for the first page, but if someone were to type in the url of an underlying page they would be able to get in without authorization. I know I could use .htaccess for handling this but with a minimum of 350 -400 users to keep track of that would be unwieldly to say the least, especially for my boss who doesn't have a clue about *nix and has never even heard of .htaccess. What other options do I have to keep the underlying pages from being accessed without the user being forced to go through the logon screen? Thanks, -- Chip Wiegand Computer Services Simrad, Inc www.simradusa.com [EMAIL PROTECTED] "There is no reason anyone would want a computer in their home." --Ken Olson, president, chairman and founder of Digital Equipment Corporation, 1977 (They why do I have 9? Somebody help me!) -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php