I have two pages that require a login. the first page being catalog.php (for normal users) and admincatalog.php (for administrative editing) both pages are set to restrict access unless logged in. in fact, if you type catalog.php in the address bar, you will end up at customerlogin.php and you must log in. then and only then after successfully logging in, iyou are redirected to catalog.php. Same exact setup with admincatalog.php. The main difference is that the user names and passwords on the mysql server it will allow in are in two different tables of the database and there is not any duplicates (meaning I do not have a test account on the adminlogin but I do on the catalog).

I understand this is PHP code in a dreamweaver forum and maybe one of you know enough php to help but I thought it may be a dreamweaver problem. I also think it could be a session or cookie problem.

Here is the code DW generated after I restricted access to the page

<?php
session_start();
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;

// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
}
if (($strUsers == "" && true) {
$isValid = true;
}
}
return $isValid;
}

$MM_restrictGoTo = "customerlogin.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?") $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
}
?>

I noticed the "session start" at the top. would it work to stop session when you exit the page? or is this a different problem alltogether

With dreamweaver you have to set on each page the users that have access to it.

<BLOCKQUOTE id=quote><font size=1 face="Verdana, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>
With dreamweaver you have to set on each page the users that have access to it.
<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Verdana, Arial, Helvetica" size=2 id=quote>

<BLOCKQUOTE id=quote><font size=1 face="Verdana, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>
With dreamweaver you have to set on each page the users that have access to it.
<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Verdana, Arial, Helvetica" size=2 id=quote>

how do you do this

I'm not familiar with restricting access with DW, but in my home-grown method I have a session variable in a similar way, it means that I have to put some php at the top of each page that I want to control access to, this code looks like this . . .

<pre id=code><font face=courier size=2 id=code>if($session-&gt;logged_in){

}
</font id=code></pre id=code>

it was all based on code I found at www.evolt.org/PHP-Login-System-with-Admin-Features it might be worth taking a look at that and seeing if the basic ideas transfer across to your system