PDA

View Full Version : Protecting entire directory



jschnyderite
04 Sep 2012, 09:39 AM
I'm trying to protect a directory with a php login system connected to a database of users.

This code goes onto each protected page:




<?php

session_start();

if($_SESSION['isLoged'] != 'yes' || $_SESSION['userName'] == NULL)
{
header("Location: login.php");exit();
}
?>



Config file:




<?php


/* Main Options */
//----------------

/* Which page user goes to after logoss */
$logoutPage = 'login.php';

/* Secure page to redirect to after login */
$loginPage = 'select.php';

/* Start session? Set this to false, if
you are already starting the session elsewhere
*/
$startSession = TRUE;

/* Use Cookies with sessions*/
$useCookies = TRUE;

/* Stay loged in for? -> cookies */
/* in seconds:
3600 -> 1 hr, 86400 -> 1 day
604800 -> 1 week, 2419200 -> 1 month
29030400 -> 1 year
*/
$logedInFor = 86400;

/* Domain name -> cookies */
$domainName = '**************';


/* Connect to database?
are already conneted */
$connectDatabase = TRUE;

/* Database Info */
$databaseUserName = 'prices';
$databaseUserPassword = '********';
$databaseHostName = 'mysqlv***';
$databaseName = 'prices';

/* Table Info */
$tableName = 'userlist';
$userNameField = 'userName';
$userPasswordField = 'UserPassword';

/** SEC 334 **/
?>



I'm able to login fine, which brings me to the selection page and I can select which set of data should be viewed. The problem is, using the code above on just the index page of the directory doesn't seem to protect all files, and using it on the pages I specifically want to protect puts me into a loop because it'll ask to login a second time, and logging in redirects to one specific page (which is my the page where you select what data you want to see). Can this be adjusted so I'm not protecting individual files but the WHOLE DIRECTORY?

any help appreciated. Thanks!!!