on my site i have 2 pages, a simple password protected page called login.php and the main webpage called index.php
I am trying to prevent users from directly accessing 'index.php'
index.php directly, it would redirect to login.phpindex.php file.Currently, I'm stuck in a loop.
index.php directly, i am redirected to login.php - this is okindex.php then looped back to the `login.php' pagehow do prevent this loop please
// index.php
<?php
if (!isset($include_allowed)){
die("<meta http-equiv='refresh'content='0;url=\"http://www.myweb.com/login.php'>");
}
?>
-
// login.php
<?php
$include_allowed = true;
?>
many thanks (sorry if its confusing)
please note, there is no username, just a basic password form that checks the password matches the variable before sending to the 'index.php' page
if ($pass == "mypassword") {
There are a ton of tutorials on the web about setting up an authentication system for your website. What you are looking for is using sessions.
Heres a good article on it: http://www.phpbuilder.com/columns/user-authentication/Jason_Gilmore05172011.php3
basically, from here (having the login page), you'd want to have something like
if( !isset( $_SESSION[ 'isLogged' ] ) ) {
header( 'Location: login.php' );
}
in your index.php
More Links:
http://www.slideshare.net/chadhutchins/basic-user-authentication-with-php-mysql
http://www.9lessons.info/2009/09/php-login-page-example.html
EDIT:
You can also take a look at: Http Authentication with PHP, if you want to avoid using sessions. This can actually also get rid of your login.php script