hey guys having a little problem i want to block other pages from being seen without them being logged at the moment my script directs the user to the secret.php page only but if the user knew the other pages they could get in with no problem. is there anyway of preventing multiple page blocking by using multiple headers i.e header(“Location:secret.php”);
i have tried certain things but still no luck
[code]
<?php $userDB = array("pcjohn" => "secret", "ewood" => "secret", "helen" => "secret"); function getPasswordForUser($username) { global $userDB; return $userDB[$username]; } function validate($challenge, $response, $password) { return md5($challenge . $password) == $response; } function authenticate() { if (isset($_SESSION[challenge]) && isset($_REQUEST[username]) && isset($_REQUEST[response])) { $password = getPasswordForUser($_REQUEST[username]); if (validate($_SESSION[challenge], $_REQUEST[response], $password)) { $_SESSION[authenticated] = "yes"; $_SESSION[username] = $_REQUEST[username];; unset($_SESSION[challenge]); } else { header("Location:login.php?error=".urlencode("Failed authentication")); exit; } } else { header("Location:login.php?error=".urlencode("Session expired")); exit; } } session_start(); authenticate(); <?php $userDB = array("pcjohn" => "secret", "ewood" => "secret", "helen" => "secret"); function getPasswordForUser($username) { global $userDB; return $userDB[$username]; } function validate($challenge, $response, $password) { return md5($challenge . $password) == $response; } function authenticate() { if (isset($_SESSION[challenge]) && isset($_REQUEST[username]) && isset($_REQUEST[response])) { $password = getPasswordForUser($_REQUEST[username]); if (validate($_SESSION[challenge], $_REQUEST[response], $password)) { $_SESSION[authenticated] = "yes"; $_SESSION[username] = $_REQUEST[username];; unset($_SESSION[challenge]); } else { header("Location:login.php?error=".urlencode("Failed authentication")); exit; } } else { header("Location:login.php?error=".urlencode("Session expired")); exit; } } session_start(); authenticate(); header("Location:secret.php"); exit(); ?>exit();
?>[/code]
MOD EDIT: Added code tags