Лови пример на PHP (index.php, authorize.php,secretpage1.php,secretpage2.php)
Любая защищённая страница должна содержать в начале (без пустых строк, т.е. в самом начале) код:
<?php
unset($logged_user,0);
session_start(,0);
if(!isset($_SESSION['logged_user'])){
header("Location: index.php",0);
exit;
}
?>
и потом что тебе хочется.
Меняешь:
1. $SERVER_ROOT на имя своего сервера (в файле authorize.php)
2. "user" (в файле authorize.php)
3. "password" (в файле authorize.php)
==============
authorize.php
==============
<?php
if (array_key_exists('user_name',$_POST)) $user_name=$_POST['user_name']; else unset($user_name,0);
if (array_key_exists('user_pass',$_POST)) $user_pass=$_POST['user_pass']; else unset($user_pass,0);
session_start(,0);
$SERVER_ROOT = "http://your.server";
if ( (array_key_exists('HTTP_REFERER',$_SERVER)) && (eregi("^$SERVER_ROOT",$_SERVER['HTTP_REFERER'])) ) {
if (array_key_exists('Submit',$_POST) ) {
/*****************************/
/* Authorization begin !!! */
/*****************************/
if ( ($user_name=="user") && ($user_pass=="password") ) {
/*****************************/
/* Authorization end !!! */
/*****************************/
$_SESSION['logged_user'] = $user_name;
header("Location: secretpage1.php",0);
exit;
}
}
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Frameset//EN"
"http://www.w3.org/TR/REC-html40/frameset.dtd">
<html>
<head>
<META http-equiv="Default-Style" content="Normal">
<title>Wrong authorization!!!</title>
</head>
<body>
You supplied a wrong password!
<a href="index.php">Back</a>
</body>
</html>
==============
index.php
==============
<?php
if (array_key_exists('Logout',$_POST)) {
session_start(,0);
$_SESSION = array(,0);
session_destroy(,0);
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Frameset//EN"
"http://www.w3.org/TR/REC-html40/frameset.dtd">
<html>
<head>
<META http-equiv="Default-Style" content="Normal">
<title>Protected Area</title>
</head>
<body>
<form action="authorize.php" method="post">
Login: <input type="text" name="user_name">
Password:<input type="password" name="user_pass">
<input type="submit" name="Submit">
</form>
<a href="secretpage1.php">secret page 1</a>
<a href="secretpage2.php">secret page 2</a>
</body>
</html>
==============
secretpage1.php
==============
<?php
unset($logged_user,0);
session_start(,0);
if(!isset($_SESSION['logged_user'])){
header("Location: index.php",0);
exit;
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Frameset//EN"
"http://www.w3.org/TR/REC-html40/frameset.dtd">
<html>
<head>
<META http-equiv="Default-Style" content="Normal">
<title>Protected Area. Page 1</title>
</head>
<body>
Hallo, <?php echo $_SESSION['logged_user']; ?>, you are on the secret page 1 :)
<a href="secretpage2.php">secret page 2</a>
<form action="index.php" method="post">
<input type="submit" name="Logout" value="Logout">
</form>
</body>
</html>
==============
secretpage2.php
==============
<?php
unset($logged_user,0);
session_start(,0);
if(!isset($_SESSION['logged_user'])){
header("Location: index.php",0);
exit;
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Frameset//EN"
"http://www.w3.org/TR/REC-html40/frameset.dtd">
<html>
<head>
<META http-equiv="Default-Style" content="Normal">
<title>Protected Area. Page 2</title>
</head>
<body>
Hallo, <?php echo $_SESSION['logged_user']; ?>, you are on the secret page 2 :)
<a href="secretpage1.php">secret page 1</a>
<form action="index.php" method="post">
<input type="submit" name="Logout" value="Logout">
</form>
</body>
</html>