[thelist] PHP / MySQL User Login System

Jake Aust mail_lists at jakesdiner.com
Wed Feb 27 21:19:01 CST 2002


On 2/27/02 6:59 PM, "Andrew Forsberg" <andrew at thepander.co.nz> wrote:

>> In my current model, I assume that I would need to add the session variable
>> checking to each page of content. This is not a good thing. I don't want to
>> have to do this if at all possible.
>
> Do you have a generic header included on each page? This would be
> really easy if that's the case! If not, then it's only one include,
> and one function call at the top of each non-home page file...
>

Well...I don't think so. I mean, each user will have a directory that they
will be able to access. I am not sure how to handle this is a generic
header. Well...I guess I can just check the session variable, if it is TRUE
then do nothing, if it isn't, redirect to a login page. So, if it is a
generic header, how can it be easy....I mean it's easy but I have to include
the code at the top of each page. Is there a way to mimic the Apache model
where you specify the access requirements on the directory level?


>> Is it possible to have all the links from my "home page" link back to the
>> "home page" with a variable tagged on that defines which content to display
>> and then get the home page to display the requested page instead of the home
>> page?
>
> If you mean, have the links point to the home page with variables
> that activate a script to check the login status, then redirect, then
> yes -- but the other pages can still be accessed directly, which
> would kinda suck.
>
> If you mean any attempt to access another page will redirect to home
> for authentication and another redirect back to the original page,
> then no. ;-) You're better off just having an authentication script
> included on each page, or in a header file. Otherwise you'll need to
> include a script at the top of each non-home page *anyway* which
> redirects to home, get the home page to authenticate, then redirect
> to the original page. Argh! :)


What I meant here was to have the home page access the file contents of the
page being linked to. In other words:

You land on HomePage.php4. Since you specified no variable, it just displays
the directory.

When you click on one of the items in the directory, it just calls
HomePage.php4 again, but with a variable named "content" appended like:
HomePage.php4?content=page1.html. Since the "content" variable is defined,
this time the HomePage.php4 doesn't display the directory, but instead opens
the file "page1.html" from the users subdirectory and streams it to the
browser unaltered. In this way, the login status is being checked every
time, but the pages to be viewed don't have to be modified. Then we just
lock the user subdirectory from direct browser access. Is this crazy?

Jake




More information about the thelist mailing list