Advice - Is this even possible?

I have a project i am not sure how to achieve the desired results. I need some advice/direction if anyone can help.

I have a domain name. Under that domain lots of individual websites:

??????.com
??????.com/website1
??????.com/website2
??????.com/website3

1) The domain home page has a login screen. Depending on the username and password the user is taken to the relavent website index page.
This would all work fine i could specifiy the user/password and corresponding website directory in a mysql table

THE DILEMA - The websites are large and always being updated therefore i cannot add corresponding (session) php code to every html webpage within the websites. Therefore how can I stop a user copying and pasting a external link to one of these pages or files located within the website i.e. bypassing the login.

Any ideas?

Are cookies out of the question?

hi
it needs to be secure. what are you thinking?

you could use HTTP_AUTHENTICATION (htpasswd & htaccess) which will give you folder based authentication.

note that if the sites are built with forethought then it would be easy to make sure every page includes a config file which would set the relevant sessions etc.

you could use HTTP_AUTHENTICATION (htpasswd & htaccess) which will give you folder based authentication.

note that if the sites are built with forethought then it would be easy to make sure every page includes a config file which would set the relevant sessions etc.


Looking at this further HTTP authentication appears the only way to successfully secure the folders.
The problem with this as far as i am aware is that using htaccess i cant find a way to incorporate the central login screen.
Any ideas how to login then be taken to the correct website folder which is then protected?.

You can use a file or a database to assign usernames to urls... or that's not possible for you?

If you are running apache, I would recommend you configure <virtualhost> blocks for the individual sites.
for example some one would use site1.???.com and that would lead them to the site one folder.


Edit:
read through this some more.
I see what you are trying to do, what you would want to do to keep things secure is use PHP session codes.
To do this you can add a file to the auto append directive in your PHP.ini file. with this central file, you would only have to validate site cookies or session data.