login page only blocks one page ? can someone help :)

Hey guys, having a little problem. I want to block other pages from being seen without them being logged in. At the moment my script directs the user to the secret.php page only, but if the user knew the other pages they could get in with no problem. Is there any way of preventing multiple page blocking by using multiple headers, i.e. header("Location:secret.php");

I have tried certain things but still no luck :(

[code]
<?php
$userDB = array("pcjohn" => "secret",
                "ewood" => "secret",
                "helen" => "secret");

function getPasswordForUser($username) {
    global $userDB;
    return $userDB[$username];
}

function validate($challenge, $response, $password) {
    return md5($challenge . $password) == $response;
}

function authenticate() {
    if (isset($_SESSION[challenge]) &&
        isset($_REQUEST[username]) &&
        isset($_REQUEST[response])) {
        $password = getPasswordForUser($_REQUEST[username]);
        if (validate($_SESSION[challenge], $_REQUEST[response], $password)) {
            $_SESSION[authenticated] = "yes";
            $_SESSION[username] = $_REQUEST[username];;
            unset($_SESSION[challenge]);
        } else {
            header("Location:login.php?error=".urlencode("Failed authentication"));
            exit;
        }
    } else {
        header("Location:login.php?error=".urlencode("Session expired"));
        exit;
    }
}

session_start();
authenticate();
<?php
$userDB = array("pcjohn" => "secret",
                "ewood" => "secret",
                "helen" => "secret");

function getPasswordForUser($username) {
    global $userDB;
    return $userDB[$username];
}

function validate($challenge, $response, $password) {
    return md5($challenge . $password) == $response;
}

function authenticate() {
    if (isset($_SESSION[challenge]) &&
        isset($_REQUEST[username]) &&
        isset($_REQUEST[response])) {
        $password = getPasswordForUser($_REQUEST[username]);
        if (validate($_SESSION[challenge], $_REQUEST[response], $password)) {
            $_SESSION[authenticated] = "yes";
            $_SESSION[username] = $_REQUEST[username];;
            unset($_SESSION[challenge]);
        } else {
            header("Location:login.php?error=".urlencode("Failed authentication"));
            exit;
        }
    } else {
        header("Location:login.php?error=".urlencode("Session expired"));
        exit;
    }
}

session_start();
authenticate();
header("Location:secret.php");
exit();
?>

exit();
?>
[/code]

MOD EDIT: Added code tags

The only thing I think you can do is have that start session var on all of the secret pages, or pages you want people to be logged in to see, and then check to see if a session that you set when they log in is set.

And you would need to put that on every page, or you could put it in an external PHP page and just include that on all pages.

Also, have your code checked. At the bottom I see you using the following construction twice:

exit;
?>

Elsewhere in your code I can also see you opening with <?php tags when you’re already in PHP mode. You can’t open PHP tags twice.
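
The include-based check suggested in the replies above, as an added example that is not part of the original thread. The file name auth_guard.php and the functions is_authenticated() and require_login() are assumptions; the session keys and login.php come from the posted login script.

```php
<?php
// auth_guard.php (hypothetical file name): shared login check for protected pages.
// A header("Location: ...") in the login script only sends the browser somewhere;
// it protects nothing. Every protected page has to verify the session itself.
declare(strict_types=1);

/**
 * True when the session carries the markers the thread's login script sets
 * after a successful login: $_SESSION['authenticated'] = "yes" and a username.
 */
function is_authenticated(array $session): bool
{
    return isset($session['authenticated'], $session['username'])
        && $session['authenticated'] === 'yes'
        && is_string($session['username'])
        && $session['username'] !== '';
}

/**
 * Call before any output on a protected page. Sends anonymous visitors to
 * login.php and stops the script so none of the page body is emitted.
 */
function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    if (!is_authenticated($_SESSION)) {
        header('Location: login.php?error=' . urlencode('Please log in'));
        // Without exit the rest of the page would still run and be sent
        // to any client that ignores the redirect.
        exit;
    }
}

// Usage at the very top of secret.php and every other protected page:
//
//     require_once __DIR__ . '/auth_guard.php';
//     require_login();
//
// The array keys are quoted here: bare keys such as $_SESSION[authenticated]
// are treated as undefined constants and raise an error on PHP 8.
```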
