Hi Allen,
What you should do is check the session variable from within PHP. If it
doesn't exist, you redirect to a PHP authentication form.
So at the head of each page you need something like:
<?php
session_start();
if(session_is_registered("logged_in") == false)
{
header("location: login.php"); // redirect to login page
exit();
}
// continue on here
?>
And in your PHP authentication form, you register the logged_in variable
after the user details have been authenticated:
<?php
// user details have been authenticated at this stage
session_start();
session_register("logged_in");
$logged_in = true;
header("location: somepage.php"); // redirect to the page they were
originally going to
exit();
?>
Cheers,
Kelly.
> I have been using the .htpasswd/.htaccess convention to authenticate our
> 3000 employees.
> I want to move away from the .htpasswd/.htaccess convention and use a PHP
> form to authenticate against the database.
>
> I can create the PHP authentication page, no problem, but how do I check
> authentication on the thousands of HTML pages I already have on the site?
> For several reasons I don't want to do cookies. Can I set a session
variable
> in the PHP and conditionally check it with Javascript, if fail go to PHP
> authentication form?
>
> What is the javascript session variable function?
>
> Thanks
>
> -Allen
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
