[eric]

Working on some admin pages for a PHP/MySQL application. I'm really new to these languages, I've only read like 2 tutorials, so bear with me. I coded a basic login page with username and password fields. When the correct ones are entered the user is taken to the administrator menu page. From there, you can navigate to a ......./create.php page, for example. My concern is that a user can skip the login process altogether if he/she types http://<path>/create.php directly into the address bar, which takes the user directly to that page and bypasses the login process. Is there anyway to prevent this, like to secure all the pages accessed after logging in? I was researching this and I think I have to start a session with the session_start(); command, but it kept giving me errors dealing with session_cache_limiter or something similar.

Does anyone have any good ideas how to do this?