Thanks for the information. In the code you provided ----if ((!$passwd) || (!$username)) // user hasnt logged in { .....
Actually I have implemented this in a separate page. That is upon sign up of the <form> in the index page I call a new page auth.php In that file I have done this authentication and called the function header ("Location: /main.php?empid=$empid&pwd=$pwd"); Actually when passing this URL the password appears in the address bar. How to over come this? It will be very much usefull if I get the answer. Thanks in advance -Murugesan ---------------------------------------------------------------------------- ---------------------------------------------------------------------------- - Ok lets say you want every user to login before they can access other parts of your site. index.php: <? session_name("mysessionname"); session_start(); session_register("s_authed"); $s_authed = 0; // initialize session flag if ((!$passwd) || (!$username)) // user hasnt logged in { // display login form ... } else { // retrieve database username and password here ... // check if they match if (($db_passwd == $passwd) && ($db_username == $username)) { $s_authed = 1; // user has been authorised // redirect to real page echo " <script> window.location='main.php' </script>"; } } ?> main.php: <? session_name("mysessionname"); session_start(); if (!$s_authed) // check access { // user hasnt been authorised, therefore redirect to login page echo " <script> window.location='index.php' </script>"; } else { // display page ... } ?> if a user tries to access main.php directly without logging in they will be redirected to index.php checkout http://www.php.net/manual/en/ref.session.php for more information > > > Thanks for the message. > Can you please tell me how to do session authentication?. > > -murugesan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php