I'm working on a little php/mysql cms and I want to add a simple user/password to one section of pages (a single user name/pwd is fine for now). I have an engine.php application in the root directory. This takes a page reference from the url, finds the names of the relevant files from mysql, then combines these files and delivers them to the client. Each sections has it's own content directory, and the engine includes the content from the relevant directory.

I was hoping to use .htaccess for the content directory, but obviously php bypasses this security. So I need a new idea.

The simplest idea is to replicate the engine in a secure directory, but this seems to be an in-efficient solution.

Any more elgant suggestions? -- given that the question is fairly vague, links or references on securing pages in php would be useful.

You know anything about php session ?
hmm dont have the links here, when i get home if i remeber i`ll try finding some... theres plently of stuff tho.. just go to php.net and search 'session' .. a session var will let you conrtoll acess to as many pages as you want.. you see...
once the user logs on in login script you`ll be adding this... or
session_start()
session_register()
or summut along those lines... now that automatically creates a session var or ID if you will... now on any page you want to be protected just call the session var with php again and say something along the lines of...

if ($session_var_name != $whatever) echo(" you cant view the page!");
else
echo(" all the stuff you want them to view.. :D )";

lemme know how it goes ;)
cheers
P :thumbsup: