Page 1 of 1

Check whether the user have logged

Posted: Sun Mar 28, 2004 11:48 pm
by p_h_p
Hi,
Anyone know how to check whether the user have logged before they can enter into the page?

I have tried this codes but cannot work and i not sure correct anot. Can anyone pls help me?urgent!!!

loginAction.php
<?php
$user_id = $_POST['user_id'];
$password = $_POST['password'];

$db = mysql_connect("localhost", "", "");
mysql_select_db("Admin",$db);

//$query = "select Password from Admin where Username='$username'";
$query = "SELECT * FROM Admin WHERE user_id = '" . $user_id . "' AND password = '" . $password . "'";

$result = mysql_query($query, $db) or die('error making query');

if(!$row = mysql_fetch_assoc($result)){

echo '<font size = 4><br><center>Sorry. <br> Please try again.</center></font>';

} else {
header('Location: admin.php');
session_start();
session_register("sign");
session_register("user_id");
session_register("admin_level");
exit;
}
?>


deleteUser.php
<?
session_start();
$user_id = $_SESSION["user_id"];
$admin_level = $_SESSION["admin_level"];
$signin = $_SESSION["sign"];
if (!$signin)
{
header('Location: index.php');
}
else
{
header('Location: deleteUser.php');
}
?>


Thank You Very Much!

Posted: Sun Mar 28, 2004 11:55 pm
by Illusionist
yeah

Posted: Sun Mar 28, 2004 11:56 pm
by Steveo31
session_start() has to be before any output.

Posted: Sun Mar 28, 2004 11:58 pm
by Illusionist
actually Steveo, it is. but i still don't know why he has that redirect infront of it...

Posted: Mon Mar 29, 2004 12:07 am
by p_h_p
Hmm..but it not the session_start problem...it the deleteUser.php..when i click on the deleteUser.php without login, it redirect me to the login.php but when i try to login it still remain at the login.php..didn't change to deleteUser.php...

Why is it like that? thanks...

Posted: Mon Mar 29, 2004 5:04 am
by malcolmboston
try this this is what i always do

Code: Select all

// login.php
////////////////////////
// after they have authenticated
$_SESSION[user_id] = $_POST[user_id]
// the session should now be set and availabe throughout
// the pages, IF session_start is called, also its worth noting
// you should put this in an if statement, with the condition being that
// the users credentials were verified
now on pages that require login

Code: Select all

<?php
session_start();
if (isset($_SESSION[user_id]))
{
// the guy is logged in
}
else
{
// this guy isnt logged in, so we'll redirect
header('Location: login.php');
exit;
}
?>
you could actually shot the above script into a page and use it as an include.

hope this helps