[SOLVED] Preventing someone from skipping login page

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

stantheman
Forum Commoner
Posts: 38
Joined: Wed May 26, 2004 8:57 am

Preventing someone from skipping login page

Post by stantheman »

How can I prevent someone from typing in the filename to by-pass the login menu? Is there away to prevent this?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

[php_man]session[/php_man]
User avatar
tim
DevNet Resident
Posts: 1165
Joined: Thu Feb 12, 2004 7:19 pm
Location: ohio

Post by tim »

Code: Select all

<?php
if (isset($_SESSION['logged'])) {

// display page

} else {

// display login page

}
?>
stantheman
Forum Commoner
Posts: 38
Joined: Wed May 26, 2004 8:57 am

Post by stantheman »

So on the login page to you have to see the session['logged'] = true
and then you the if statement on all the othe pages that you want to protect
User avatar
tim
DevNet Resident
Posts: 1165
Joined: Thu Feb 12, 2004 7:19 pm
Location: ohio

Post by tim »

yeah, after the log-in (provided all the info was correct) set a session var, then use the isset with if statements to see if the session var is set/true/false, not set, etc.

easiest way to do it, effective as well.

:wink:
stantheman
Forum Commoner
Posts: 38
Joined: Wed May 26, 2004 8:57 am

Post by stantheman »

can you show me how to see a session var i'm new to this php stuff

is it $_SESSION['login'] = true
User avatar
tim
DevNet Resident
Posts: 1165
Joined: Thu Feb 12, 2004 7:19 pm
Location: ohio

Post by tim »

yeah u can assign any var to the SESSION global. ie:

/ $_SESSION['logged'] = true;

/ $tim = "tim";
$tim = $_SESSION['name'];

/ $_SESSION['name'] = "tim";

edit, again - more examples to help ya out

$_SESSION['name'] = $_POST['username'];
Last edited by tim on Thu Jun 17, 2004 8:02 pm, edited 3 times in total.
stantheman
Forum Commoner
Posts: 38
Joined: Wed May 26, 2004 8:57 am

Post by stantheman »

ok cool thanks for the help
stantheman
Forum Commoner
Posts: 38
Joined: Wed May 26, 2004 8:57 am

Post by stantheman »

Undefined variable: _SESSION
I'm getting this when i'm trying to check if the session is true
this is just a smaple page 'm trying to get working beofre i work other apges so i can get the hang of it.

page one
<?PHP
$_SESSION['logged'] = true;
header("Location: help.php");
?>

page two
<?php
$ans = $_SESSION['logged'];

echo $ans;
if ($ans == true)
{
echo "HELLO";
}
?>
User avatar
Buddha443556
Forum Regular
Posts: 873
Joined: Fri Mar 19, 2004 1:51 pm

Post by Buddha443556 »

What version of PHP? $_SESSION was introduced in 4.1.0. So you'll need to use $HTTP_SESSION_VARS in earlier versions.
stantheman
Forum Commoner
Posts: 38
Joined: Wed May 26, 2004 8:57 am

Post by stantheman »

Version 4.3.7
leenoble_uk
Forum Contributor
Posts: 108
Joined: Fri May 03, 2002 10:33 am
Location: Cheshire
Contact:

Post by leenoble_uk »

You gotta have

Code: Select all

session_start();
at the top of every page.
stantheman
Forum Commoner
Posts: 38
Joined: Wed May 26, 2004 8:57 am

Post by stantheman »

Here are the warns i'm getting now

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at c:\inetpub\wwwroot\phptesting\help.php:2) in c:\inetpub\wwwroot\phptesting\help.php on line 3

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at c:\inetpub\wwwroot\phptesting\help.php:2) in c:\inetpub\wwwroot\phptesting\help.php on line 3

my code for those pages is below
page one
<?PHP
session_start();
$_SESSION['logged'] = true;
header("Location: help.php");
?>

page two
<?php
session_start();
if (isset($_SESSION['logged'])) {

// display page

} else {

// display login page

}
?>
leenoble_uk
Forum Contributor
Posts: 108
Joined: Fri May 03, 2002 10:33 am
Location: Cheshire
Contact:

Post by leenoble_uk »

Have you got any regular html BEFORE your opening <?php tag?
You can't ouput anything to the browser - even white space - before calling session_start()
stantheman
Forum Commoner
Posts: 38
Joined: Wed May 26, 2004 8:57 am

Post by stantheman »

Thats worked i had some white space before my php code. Thanks for all the HELP
Post Reply