Page 1 of 2
Preventing someone from skipping login page
Posted: Thu Jun 17, 2004 1:52 pm
by stantheman
How can I prevent someone from typing in the filename to by-pass the login menu? Is there away to prevent this?
Posted: Thu Jun 17, 2004 2:11 pm
by feyd
[php_man]session[/php_man]
Posted: Thu Jun 17, 2004 4:45 pm
by tim
Code: Select all
<?php
if (isset($_SESSION['logged'])) {
// display page
} else {
// display login page
}
?>
Posted: Thu Jun 17, 2004 7:47 pm
by stantheman
So on the login page to you have to see the session['logged'] = true
and then you the if statement on all the othe pages that you want to protect
Posted: Thu Jun 17, 2004 7:51 pm
by tim
yeah, after the log-in (provided all the info was correct) set a session var, then use the isset with if statements to see if the session var is set/true/false, not set, etc.
easiest way to do it, effective as well.

Posted: Thu Jun 17, 2004 7:53 pm
by stantheman
can you show me how to see a session var i'm new to this php stuff
is it $_SESSION['login'] = true
Posted: Thu Jun 17, 2004 7:55 pm
by tim
yeah u can assign any var to the SESSION global. ie:
/ $_SESSION['logged'] = true;
/ $tim = "tim";
$tim = $_SESSION['name'];
/ $_SESSION['name'] = "tim";
edit, again - more examples to help ya out
$_SESSION['name'] = $_POST['username'];
Posted: Thu Jun 17, 2004 7:56 pm
by stantheman
ok cool thanks for the help
Posted: Fri Jun 18, 2004 7:24 am
by stantheman
Undefined variable: _SESSION
I'm getting this when i'm trying to check if the session is true
this is just a smaple page 'm trying to get working beofre i work other apges so i can get the hang of it.
page one
<?PHP
$_SESSION['logged'] = true;
header("Location: help.php");
?>
page two
<?php
$ans = $_SESSION['logged'];
echo $ans;
if ($ans == true)
{
echo "HELLO";
}
?>
Posted: Fri Jun 18, 2004 7:54 am
by Buddha443556
What version of PHP? $_SESSION was introduced in 4.1.0. So you'll need to use $HTTP_SESSION_VARS in earlier versions.
Posted: Fri Jun 18, 2004 8:11 am
by stantheman
Version 4.3.7
Posted: Fri Jun 18, 2004 8:14 am
by leenoble_uk
You gotta have
at the top of every page.
Posted: Fri Jun 18, 2004 8:22 am
by stantheman
Here are the warns i'm getting now
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at c:\inetpub\wwwroot\phptesting\help.php:2) in c:\inetpub\wwwroot\phptesting\help.php on line 3
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at c:\inetpub\wwwroot\phptesting\help.php:2) in c:\inetpub\wwwroot\phptesting\help.php on line 3
my code for those pages is below
page one
<?PHP
session_start();
$_SESSION['logged'] = true;
header("Location: help.php");
?>
page two
<?php
session_start();
if (isset($_SESSION['logged'])) {
// display page
} else {
// display login page
}
?>
Posted: Fri Jun 18, 2004 8:28 am
by leenoble_uk
Have you got any regular html BEFORE your opening <?php tag?
You can't ouput anything to the browser - even white space - before calling session_start()
Posted: Fri Jun 18, 2004 8:36 am
by stantheman
Thats worked i had some white space before my php code. Thanks for all the HELP