From the PHP manual:Pavilion wrote:The following code snippet was included to redirect users if they are not logged in:
I found this approach with some research. But I'm not quite sure what "output buffering " is and why it is necessary. In my mind the code snippet should check to see if $_SESSION has user_id. If there is no user_id the user should be redirected to login.php. It does work, but is ob_start() necessary?Code: Select all
ob_start(); // output buffering starts here. if(!isset($_SESSION['user_id'])){ header("Location: login.php"); }
So there's what it does. Certainly doesn't seem necessary in this case.While output buffering is active no output is sent from the script (other than headers), instead the output is stored in an internal buffer.
I typically just check if $_POST contains anything.Pavilion wrote:paired withCode: Select all
if (isset($_POST['formsubmitted'])) { // This tests to make sure form is submitted before error handling. Without this check, error messages will appear on simply opening the page because defaults don't fill in BEFORE script runs.
I only used this combination because it prevents error messages from displaying BEFORE the input control default values fill in. Is there a better way to stop error messages from prematurely filling in?[Code: Select all
<input type="hidden" name="formsubmitted" value="TRUE" />
Code: Select all
if (isset($_POST))Yes.Pavilion wrote:Is it necessary to start a session on every php page? Once a session is started at the login page, is it necessary to start a session on every page afterward?
On the whole it looks good. I would replace the mysql_ functions with their MySQLi equivalents and there's some pretty similar code for parsing desk phone and cell phone that I'd consider wrapping in a function depending how frequently it's going to be used. Definitely a solid first effort, though.Pavilion wrote:Overall, is there anything you would change with this script?