password redirect to page

[claass]

I'm using the code below to direct people to the page the need to see. It's code that I was given and works great. I give them a password and, when they type it in, it redirects them to their page. The problem is that I need their page to be protected so that only the person who come from this page, and type in the right password, can access the page. If they try to go to the page directly, without going through this page, they get an error message. Is that possible? If so, what php code would I put at the top of each page. Thanks for your help!

PHP Code:

<?php 

$sites = array( 
   'password1'   => 'http://www.kgcr.org', 
   'password2'      => 'http://www.colbyberean.com/jobs.php', 
   'password3' => 'http://www.kgrd.org' 
); 

$password = isset($_POST['password']) ? trim($_POST['password']) : ''; 

if($password && isset($sites[$password])) { 
   header('Location: ' . $sites[$password]); 
} 
?> 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> 
<html> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> 
<style type="text/css"> 
body {margin: 0;padding: 0;background:#222 url('splash.gif') no-repeat top left;} 
#login {margin: 245px 0 0 245px;} 
#login p {margin: 2px 0 0 45px;} 
#login input {padding: 5px;color: #666} 
#login input:focus {color: #000} 
</style> 
</head> 
<body> 
<div id="login"> 
<form method="post" action="<?=$_SERVER['PHP_SELF']?>"> 
  <input type="password" name="password" size="20" maxlength="100" /> 
  <p><input type="submit" value="Submit" /></p> 
</form> 
</div> 
</body> 
</html>

[bobolibob]

If you can use session variables, that's a good way to do it. In your if statement, right before you send the header, set a session variable like so:

PHP Code:

@session_start();
@session_register("logged_in");
$_SESSION["logged_in"] = 1; 


The @ symbol keeps you from getting a notice if a session has already been started. Now at the top of all your destination pages, add the following code:

PHP Code:

@session_start();
if ($_SESSION["logged_in"] !== 1) {
     exit();  // or output an error message of your choice, then exit()
} 


If you do it this way, it will remember they're logged in until they close their browser. So if you log in and get sent to the page, then navigate away, then go back to the destination page using a direct link, you'l get back in without having to log in again. Anyone who hasn't logged in will get shut out.

[bobolibob]

Wait, I just thought about something. You need to change the value of the session variable to be something unique depending on the page. Otherwise, once you log into 1 page, you can direct link to any other protected page.

[Nile]

Maybe try something like this?

[claass]

Nile:

I didn't see anything under your comment "Maybe try something like this?" What am I missing?

[claass]

bobolibob:

Where does the error message go in the php code on the destination page? I've been doing web pages for awhile but am new to php. Thanks for your help!

[Schmoopy]

Where it says "this" (it's underlined) click on that, it's a link to the page you might find helpful.

[claass]

Thanks. For some reason it wasn't underlined on my page. But it went through anyway.

[Nile]

Ok, did this solve your problems?

[claass]

I downloaded it but haven't had a chance to test it. It will probably be this evening. I'll let you know. Thanks for your help.