Hey
Well the story is my index page calls a header, cell and footer. The cell being the changing element. I'm now adding member only pages and don't know how to protect the page from unauthorised access.
I use this..
<?php
session_start();
if( @$_SESSION['auth'] !="yes")
{header("Location: ../index.php?cellname=pagecells/noauth.php");
exit();
}
?>
and I call it at the start of the cell file that requires protection. Problem is I get errors regarding the header already being sent.
So any ideas on a better way to structure my page. I have offcourse considered sending logged in users to a new php file totally but once again I would want to use cells in that page. If those cell files exist back to square one they will simply be accessed view the original and free to access index.
Only option is whole range of pages created for users only!
thanks for any advice
You're getting that message because you are trying to modifiy the browser headers after they have already been sent. You should be putting it before your HTML.
<?PHP
session_start();
if( @$_SESSION['auth'] !="yes")
{header("Location: ../index.php?cellname=page
exit();
}
?>
<html>
...
</html>
Creating a "user/members only area" is no more complicated than your cell approach and in the long term more desirable (think of expansion).
For security store the session_id() in a database table on the server and a cookie on the client. When the user is authenticated, the database table is populated with the user name and session_id() and the cookie with the same. When a new page is accessed, do a check on the database table that the current user and session_id() match with that of the cookie.