I have this script
<?php $username = "namey"; $password = "passy"; $salted = "salty"; if (isset($_COOKIE['Cookiename'])) {if ($_COOKIE['Cookiename'] == sha1($password.$salted)) { ?> <body> <span> it works </span></body> <?php exit;} else { echo "cookie error"; exit;}} if (isset($_GET['auth']) && $_GET['auth'] == "login") { if ($_POST['user'] != $username) { echo "username error"; exit;} else if ($_POST['keypass'] != $password) { echo "password error"; exit;} else if ($_POST['user'] == $username && $_POST['keypass'] == $password) { setcookie('Cookiename', sha1($_POST['keypass'].$salted)); header("Location: $_SERVER[PHP_SELF]");} else { echo "server error";}} ?> <div> <form action="<?php echo $_SERVER['PHP_SELF']; ?>?auth=login" method="post"> <label>Username<input type="text" name="user" id="user" /></label><br/> <label>Password<input type="password" name="keypass" id="keypass" /></label><br/> <input type="submit" id="submit" value="Login"/> </div> </form>
& basically i need every link on the site to come though here & look if the user is logged in before letting him access the requested page.
Advertisement
Answer
You can create a main php file and add a check to look if the user is logged-in.
And include the main php file at the top of every script you want to protect.
so if you create a file called check.php
//add this to the created file check.php if (!isset($_COOKIE['loggedin']) && !$_COOKIE['loggedin']){ header('Location: YOUR URL') die(); }
and add this setcookie('loggedin', true));
under setcookie('Cookiename', sha1($_POST['keypass'].$salted));
and include check.php at the top of your scripts.
hope this helps 🙂