sessions across pages
Moderator: General Moderators
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
ahhhh! trying to make each admin page secure but can still get to it from just typing the path in.
is that because my session is still running? i.e. haven't logged out?
i am putting this code at the top of each admin page:
Code: Select all
<?php
session_start();
if (!isset($_SESSION["loggedin"]))
{
exit("Hacking Attempt!");
}
echo "Welcome to the Admin Section, ".$_SESSION["username"];
?><html>
<head>
etc.
is this correct?
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
That little snippet was intended only if the only people that can sign in are admins. If you have some sort of access
like
AccessName | Access
Admin | 3
Mod | 2
User | 1
Guest | 0
then you should put on your admin page
admin.php
Code: Select all
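<?php
session_start();
// Deny unless the session holds the admin level (3). A missing or empty
// "access" value (not logged in, or guest level 0) is refused as well.
if (empty($_SESSION["access"]) || (int)$_SESSION["access"] !== 3)
{
    exit("Hacking Attempt!");
}
// login.php stores the user name under "name"; escape it before output
echo "Welcome to the Admin Section, ".htmlspecialchars($_SESSION["name"]);
?>
login.php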
Code: Select all
<?php
session_start();
// Uses the legacy mysql_* extension, as in this thread (removed in PHP 7).
if (!empty($_POST['submit']))
{
    $username = isset($_POST["username"]) ? $_POST["username"] : "";
    $password = isset($_POST["password"]) ? $_POST["password"] : "";
    $db = mysql_pconnect('***') or die ("Could not connect to database");
    mysql_select_db('models') or die ("Could not select database!");
    // Escape the user-supplied name before it goes into the query string
    $sql = "select * from user where name = '" . mysql_real_escape_string($username, $db) . "'";
    $result = mysql_query($sql, $db) or die ("Execution failed.");
    while ($row = mysql_fetch_array($result))
    {
        // Strict comparison: == would treat numeric-looking strings
        // such as "0e1" and "0e2" as equal
        if ($row["password"] === $password)
        {
            echo " ('Successfully Logged In!<a href='index.php'>Click Here</a>') ";
            $_SESSION["name"] = $username;
            $_SESSION["access"] = $row["access"]; // no longer loggedin=set, but gets the access var into the session
        }
        else
        {
            echo "wrong password";
        }
    }
}
?>
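A shared guard for the top of each protected page, as an added example that is not part of the original posts: it denies access whenever the session has no valid level, not only when a wrong level is present. The file name `auth_guard.php`, the function and constant names, and the ordered (`>=`) comparison of levels are assumptions; the level numbers are the ones in the table above.

```php
<?php
// auth_guard.php: hypothetical shared include (added example, not from the thread).
// Level numbers follow the AccessName | Access table in the post above.
const ACCESS_GUEST = 0;
const ACCESS_USER  = 1;
const ACCESS_MOD   = 2;
const ACCESS_ADMIN = 3;

// Pure decision function: true only when the session carries an integer
// level at or above the required one (ordering of levels is an assumption).
function has_access(array $session, int $required): bool
{
    // A missing key, empty string, array or non-integer text all yield false here.
    $level = filter_var($session['access'] ?? null, FILTER_VALIDATE_INT);
    if ($level === false) {
        return false;                      // fail closed
    }
    return $level >= $required;
}

// Guard to call at the top of a protected page, before any output is sent.
function require_access(int $required): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!has_access($_SESSION, $required)) {
        http_response_code(403);
        exit('Access denied');
    }
}

// Constructed sample sessions; "php auth_guard.php" prints the decision for each.
if (PHP_SAPI === 'cli' && realpath($_SERVER['SCRIPT_FILENAME']) === __FILE__) {
    $samples = [
        'no session data' => [],
        'guest (0)'       => ['access' => '0'],
        'user (1)'        => ['access' => '1'],
        'mod (2)'         => ['access' => '2'],
        'admin (3)'       => ['access' => '3'],   // database rows arrive as strings
        'garbage'         => ['access' => 'admin'],
    ];
    foreach ($samples as $label => $session) {
        printf("%-16s admin page: %s\n", $label,
            has_access($session, ACCESS_ADMIN) ? 'allow' : 'deny');
    }
}
```

On an admin page, `require 'auth_guard.php'; require_access(ACCESS_ADMIN);` would be the first statements, so every page shares one check instead of a copied condition.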