Page 1 of 1

Protect pages and use global db connection

Posted: Sun Oct 28, 2012 2:06 pm
by absfrm
Hi every one
I'm a new php developer and generally i have some question
1 : I write a code for session and cookie , and now how can i protect all of my pages?
have to put session_start(); and some code before any code in my php pages?
or we have some better ways?


2 : How can i use db connection globally? for example , i'm using mysqli and if i don't include db.php in each page or each function , ... i have error .

what should i do?

thanks before your help
Regards

Re: Protect pages and use global db connection

Posted: Sun Oct 28, 2012 6:53 pm
by Christopher
absfrm wrote:1 : I write a code for session and cookie , and now how can i protect all of my pages?
have to put session_start(); and some code before any code in my php pages?
Put that Access Control code in a file and include it at the top of every page that you want to protect. Something like:

Code: Select all

session_start();
if (!isset($_SESSION['access_allowed']) && !isset($_COOKIE['access_allowed']) {
     header('Location: http://www.mysite.com/access_denied.php');
     exit();
}
absfrm wrote:2 : How can i use db connection globally? for example , i'm using mysqli and if i don't include db.php in each page or each function , ... i have error .
You need to include db.php in every page that uses the database.
absfrm wrote:or we have some better ways?
When you get more experienced, look into the Front Controller pattern.

EDIT: following Mordred's excellent advice, added exit() after header() so anyone viewing this post in the future will see corrected code

Re: Protect pages and use global db connection

Posted: Mon Oct 29, 2012 6:00 am
by Mordred
Always die() or exit() after a header('Location: ...'), otherwise the code below the header still gets executed.

Re: Protect pages and use global db connection

Posted: Fri Nov 02, 2012 8:27 am
by dharmeshb
Don't mean to hijack the thread, but my question is related. I am learning php as well.

I created a db.php file with the db connection.. that looks like

Code: Select all

<?php
         $Host = 'host';
         $Name = 'database';
         $User = 'user';
         $Password = 'password';
        
        $link = mysqli_connect($Host, $User, $Password, $Name);
        mysqli_select_db($link, $Name);
?>
Then my functions.php file that I am using to write my db functions looks like

Code: Select all

<?php 
     include 'db.php'; 

    function userCheck($UName) {
            $uname = mysqli_real_escape_string($link, $UName);
            $query = mysqli_query("SELECT 1 FROM 'users' WHERE 'Username' = '" . $uname . "'");
            $rows = mysqli_num_rows($query);
            if ($rows > 0){
                return true;
            }
            else{
                return false;
            }
    };
?>
But when I try to login I get Notice: Undefined variable: link in functions.php and Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given in functions.php

Please advise what I am doing wrong.

Re: Protect pages and use global db connection

Posted: Fri Nov 02, 2012 9:00 am
by Mordred
In PHP the variables are local by default. You need to explicitly declare $link as global:

global $link;

Also, learn about include, require, include_once and require_once. Use require_once('db.php'), otherwise you can include it twice by mistake and create twice as many DB connections.