So i am working on a script for my friend. I am using the code from Zend's website as a means of authentication as so:


<?php
$auth = false; // Assume user is not authenticated

if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW)) {

// Connect to MySQL
include 'db.inc.php';
mysql_connect( 'localhost', $dbuser, $dbpass)
or die ( 'Unable to connect to server.' );

// Select database on MySQL server

mysql_select_db($dbname)
or die ('Unable to select database.' );

// Formulate the query

$sql = "SELECT * FROM users WHERE
username = '$PHP_AUTH_USER' AND
password = '$PHP_AUTH_PW'";

// Execute the query and put results in $result

$result = mysql_query( $sql )
or die ( 'Unable to execute query.' );

// Get number of rows in $result.

$num = mysql_numrows( $result );

if ( $num != 0 ) {

// A matching row was found - the user is authenticated.

$auth = true;

}

}

if ( ! $auth ) {

header( 'WWW-Authenticate: Basic realm="Private"' );
header( 'HTTP/1.0 401 Unauthorized' );
echo 'Authorization Required.';
exit;

} else {
//authenticated
}

?>


What should i put in the authenticated area to ensure that members only pages are accessed only by members. For example, maybe ill put a

header("location: members.php");

What should I use to keep members.php secure?

Sessions?

Should use PHP sessions. They are pretty easy to implements on most sites.

TR

http://www.google.com/search?q=session+site:www.php.net&l=en