Session Question
Moderator: General Moderators
Session Question
Hey,
I have to pages. Both have a log in page before the actual page so that the actual page knows with user file to include. But what I'm trying to do is to have a script on top of the both log in pages, that tests if a session is set. If so it only redirects to the actual page. And the actual page uses the session information.
If no session is set the log in pages will be shown and i will have a script on top of the actual page that registers the variables sent from the log in page. Then the session is set an when a user choose another page the log in will not be shown because a session is set. And the actual pages will use the information saved.
Hope anyone understand what I mean.[/quote]
I have to pages. Both have a log in page before the actual page so that the actual page knows with user file to include. But what I'm trying to do is to have a script on top of the both log in pages, that tests if a session is set. If so it only redirects to the actual page. And the actual page uses the session information.
If no session is set the log in pages will be shown and i will have a script on top of the actual page that registers the variables sent from the log in page. Then the session is set an when a user choose another page the log in will not be shown because a session is set. And the actual pages will use the information saved.
Hope anyone understand what I mean.[/quote]
heres what i stick on the top of all my protected pages...
its not totally secure but it stops the casual hacker
(the redirect is to the login page)
its not totally secure but it stops the casual hacker
Code: Select all
<?php
session_start();
if (empty($HTTP_SESSION_VARSї'user'])){
header("Location: http://your.url.here");
exit;}
?>i kinda embedded my auth and my login form into one script...
its not very small but here it is:
the page itself is index.php so if the login form is submitted or the login is invalid it returns to itself...
the bottom part decides what to do as regards the user that logs in... here i have a redirect for everyone that isnt admin
its not very small but here it is:
Code: Select all
<?php
session_start();
if(empty($HTTP_SESSION_VARSї'user'])){
if($HTTP_POST_VARSї'user']){
$db=mysql_connect(HOST, USER, PASS);
if (!$db)
die ("I can't connect!");
$ok=mysql_select_db(DB);
if (!$ok)
die ("I can't connect to the DB!");
$result = mysql_query("SELECT COUNT(*) AS numfound FROM Players WHERE user='{$HTTP_POST_VARSї'user']}' AND pass='{$HTTP_POST_VARSї'pass']}'");
$result1 = mysql_fetch_array($result);
mysql_close();
if($result1ї'numfound'] >= 1){
$user = $HTTP_POST_VARSї'user'];
session_register('user');
header("Location: http://burtonroad.coolfreepages.com/index.php");
exit;
}
else
{ header("Location: http://burtonroad.coolfreepages.com/index.php");
exit;
}
}//close if($POSTї'user'])
else
{
include ('top.php');?>
Please Login:
<table border=1 cellpadding=3 cellspacing=0><tr><td>
<form method=POST ACTION="<?= $PHP_SELF ?>">
<table border=0 cellpadding=3 cellspacing=0>
<tr><td align=left valign=top>Username:</td>
<td align=left><input type=text size=15 name=user></td></tr>
<tr><td align=left valign=top>Password:</td>
<td align=left><input type=password size=15 name=pass></td></tr>
<tr><td></td><td align=left valign=top><input type=submit name=submit value="Login"></td></tr></table>
</form></td></tr></table>
<a href="home.htm">Introduction</a>
<?php
include('bottom.php');
}}else{// close else(login form), close if(empty)
if($HTTP_SESSION_VARSї'user']!='admin')
header("Location: http://burtonroad.coolfreepages.com/news.php");
include ('top2.php');
?>the bottom part decides what to do as regards the user that logs in... here i have a redirect for everyone that isnt admin
Why an error?
This is the script after the log in page. It's supposed to register the variables from the log in page, but all i get is an error.
This is the script after the log in page. It's supposed to register the variables from the log in page, but all i get is an error.
The error:<?php
session_start()
$username = $_POST['username'];
$password = $_POST['password'];
session_register($username);
session_register($password);
header("Location: thepage.php");
?>
Parse error: parse error, unexpected T_VARIABLE in hgh.php on line 5
I wrote wrong, sorry.
I have the log in page that has to inputs. $username and $password. The log in for is sent to a file that registers the variables:
I have the log in page that has to inputs. $username and $password. The log in for is sent to a file that registers the variables:
When this script has registrated the session it send it to the page that is the one the user will get access to. This file has these strings on the top:<?php
session_start();
$brukernavn = $_POST['brukernavn'];
$brukernavn = $_POST['passord'];
session_register($brukernavn);
session_register($passord);
header("Location: tilkassen2.php");
?>
For some reason it always send me back to the log in page "tilkassen1". Just like the session hasn't registrated any variables at all.<?php
session_start();
if( empty( $HTTP_SESSION_VARS['brukernavn'] ) or empty( $HTTP_SESSION_VARS['passord'] ) )
{
header("Location: tilkassen1.php");
exit;
}
?>
Why use session_register if you are using $HTTP_SESSION_VARS. Use this to register sessions.
Code: Select all
<?php
$HTTP_POST_VARSї'$brukernavn'] = $brukernavn;
?>Code: Select all
<?phpsession_register($brukernavn);
session_register($passord); ?>Code: Select all
<?php
session_register('brukernavn');
session_register('passord'); ?>Tried putting that in the file that is going to be entered:
I belive it is here there are something wrong since i checked the session files on my computer, and in the session file I checked i found all the information.<?php
session_start();
if( empty( $HTTP_POST_VARS['brukernavn'] ) or empty( $HTTP_POST_VARS['passord'] ) )
{
header("Location: tilkassen1.php");
exit;
}
?>