sessions across pages

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

unless all users that are logged in are admins, I'd add some other stuff to that if :)
User avatar
C_Calav
Forum Contributor
Posts: 395
Joined: Wed Jun 02, 2004 10:55 pm
Location: New Zealand

Post by C_Calav »

unless all users that are logged in are admins, I'd add some other stuff to that if....
...if?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Code: Select all

if (!isset($_SESSION["loggedin"]))
User avatar
C_Calav
Forum Contributor
Posts: 395
Joined: Wed Jun 02, 2004 10:55 pm
Location: New Zealand

Post by C_Calav »

thanx for all your help feyd much appreciated wont make those mistakes again 8)
User avatar
C_Calav
Forum Contributor
Posts: 395
Joined: Wed Jun 02, 2004 10:55 pm
Location: New Zealand

Post by C_Calav »

ahhhh! trying to make each admin page secure but can still get to it from just typing the path in.

is that because my session is still running? ie. havent logged out?

i am putting this code at the top of each admin page:

Code: Select all

<?php
session_start(); 
if (!isset($_SESSION["loggedin"])) 
{ 
exit("Hacking Attempt!"); 
} 

echo "Welcome to the Admin Section, ".$_SESSION["username"]; 
?>
then my html...

<html>
<head>
etc.

is this correct?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

If you hadn't logged out, yes, that would be it.
User avatar
C_Calav
Forum Contributor
Posts: 395
Joined: Wed Jun 02, 2004 10:55 pm
Location: New Zealand

Post by C_Calav »

thanx, sorry for carrying this on so long with not that hard question :roll:
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I'm sure someone will benefit from the further explainations and things.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

That little snipplet was indended only if the only ppl that can sign in are admins. If you have some sort of access

like

AccessName | Access
Admin | 3
Mod | 2
User | 1
Guest | 0

then you should put on your admin page




admin.php

Code: Select all

<?php

session_start(); 
if (($_SESSION["access"] != 3) && (!empty($_SESSION["access"])))
{ 
exit("Hacking Attempt!"); 
} 

echo "Welcome to the Admin Section, ".$_SESSION["username"]; 


?>

login.php

Code: Select all

<?php
<?php 
session_start(); 

$username = $_POST["username"]; 
$password = $_POST["password"]; 

if(!empty($_POST['submit'])) 
{ 
     $db = mysql_pconnect('***') or die ("Could not connect to database"); 
     mysql_select_db('models') or die ("Could not select database!"); 
     $sql = "select * from user where name = '$username'"; 
     $result = mysql_query($sql, $db) or die ("Execution failed."); 

     while ($row=mysql_fetch_array($result)) 
     { 
        if ($row["password"]== $_POST["password"]) 
        { 
        echo " ('Successfully Logged In!<a href='index.php'>Click Here</a>') "; 
        $_SESSION["name"] = $username; 
        $_SESSION["access"] = $row["access"]; //no long loggedin=set but gets the access var into the session
        } 
      else 
      { 
      echo "wrong password"; 
      } 
  
     } 
} 
?>
Post Reply