Hey all,
php newbie here.
I have made up a little php password protection for a website I am playing with. This works fine (takes a form submission, checks it against an array of registered users and their passwords, sets the location header to the password protected page if the user has entered valid information).
What I am trying to do now is to set a script so when the password protected page first loads, it checks to see what the referring page was. If it is not the login page, the script should reset the location to the login page.
This is to prevent someone from just entering the url of the password protected page into the address bar, and bypassing the login page completely.
I have tried checking the @$HTTP_REFERER variable with an if statement, and if this variable contains something other than the login page url, to reset the location header to the login page.
The logic seems sound, but I am missing something in the coding I think.
Or, maybe there is a better way?
Thanks in advance for any help you can provide.
Cheers,
James