Page 1 of 2

Preventing someone from skipping login page

Posted: Thu Jun 17, 2004 1:52 pm
by stantheman
How can I prevent someone from typing in the filename to by-pass the login menu? Is there away to prevent this?

Posted: Thu Jun 17, 2004 2:11 pm
by feyd
[php_man]session[/php_man]

Posted: Thu Jun 17, 2004 4:45 pm
by tim

Code: Select all

<?php
if (isset($_SESSION['logged'])) {

// display page

} else {

// display login page

}
?>

Posted: Thu Jun 17, 2004 7:47 pm
by stantheman
So on the login page to you have to see the session['logged'] = true
and then you the if statement on all the othe pages that you want to protect

Posted: Thu Jun 17, 2004 7:51 pm
by tim
yeah, after the log-in (provided all the info was correct) set a session var, then use the isset with if statements to see if the session var is set/true/false, not set, etc.

easiest way to do it, effective as well.

:wink:

Posted: Thu Jun 17, 2004 7:53 pm
by stantheman
can you show me how to see a session var i'm new to this php stuff

is it $_SESSION['login'] = true

Posted: Thu Jun 17, 2004 7:55 pm
by tim
yeah u can assign any var to the SESSION global. ie:

/ $_SESSION['logged'] = true;

/ $tim = "tim";
$tim = $_SESSION['name'];

/ $_SESSION['name'] = "tim";

edit, again - more examples to help ya out

$_SESSION['name'] = $_POST['username'];

Posted: Thu Jun 17, 2004 7:56 pm
by stantheman
ok cool thanks for the help

Posted: Fri Jun 18, 2004 7:24 am
by stantheman
Undefined variable: _SESSION
I'm getting this when i'm trying to check if the session is true
this is just a smaple page 'm trying to get working beofre i work other apges so i can get the hang of it.

page one
<?PHP
$_SESSION['logged'] = true;
header("Location: help.php");
?>

page two
<?php
$ans = $_SESSION['logged'];

echo $ans;
if ($ans == true)
{
echo "HELLO";
}
?>

Posted: Fri Jun 18, 2004 7:54 am
by Buddha443556
What version of PHP? $_SESSION was introduced in 4.1.0. So you'll need to use $HTTP_SESSION_VARS in earlier versions.

Posted: Fri Jun 18, 2004 8:11 am
by stantheman
Version 4.3.7

Posted: Fri Jun 18, 2004 8:14 am
by leenoble_uk
You gotta have

Code: Select all

session_start();
at the top of every page.

Posted: Fri Jun 18, 2004 8:22 am
by stantheman
Here are the warns i'm getting now

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at c:\inetpub\wwwroot\phptesting\help.php:2) in c:\inetpub\wwwroot\phptesting\help.php on line 3

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at c:\inetpub\wwwroot\phptesting\help.php:2) in c:\inetpub\wwwroot\phptesting\help.php on line 3

my code for those pages is below
page one
<?PHP
session_start();
$_SESSION['logged'] = true;
header("Location: help.php");
?>

page two
<?php
session_start();
if (isset($_SESSION['logged'])) {

// display page

} else {

// display login page

}
?>

Posted: Fri Jun 18, 2004 8:28 am
by leenoble_uk
Have you got any regular html BEFORE your opening <?php tag?
You can't ouput anything to the browser - even white space - before calling session_start()

Posted: Fri Jun 18, 2004 8:36 am
by stantheman
Thats worked i had some white space before my php code. Thanks for all the HELP