I am very new too php and am just experimentting with a very simple php login script.
The code is below.
I dont understand what code to put at the top of each secure webpage to make sure that the session is still logged in.
I'm pretty sure that this should be very simple. With my code below could anyone please write out the short code I need to place on the top of each of my secure pages.
<?php
import_request_variables ("PCG");
if (empty($Surname) || empty($Password))
{
header("Location: http://project.cs.cf.ac.uk/A.Rabindran/StudentErr.html");
}
else
{
//open database connection
$connection = mysql_connect("xxxxxxxxxxxxx,xxxxxxxxx,xxxxxxx") or die ("Error Connecting
to the database.");
//select the database
mysql_select_db("ar1?db", $connection) or die ("Failed!");
$result = mysql_query("select * from Student where Surname='$Surname' AND Password='$Password'",$connection);
//check that at least one row has been returned.
$Checkrow = mysql_num_rows($result);
if($Checkrow > 0)
{
while($row = mysql_fetch_array($result))
{
//start session
session_start();
session_register('Surname');
header("Location: http://project.cs.cf.ac.uk/A.Rabindran/Form1.php");
}
}
else
{
//Invalid Password or User ID: Return to Login Page
header("Location: http://project.cs.cf.ac.uk/A.Rabindran/StudentErr.html");
}
}
php?>
I hope this is enough infomation.
Login Script Help
Moderator: General Moderators
Couple things: First, you are declaring a session variable, but not assigning it a value. That will be somewhat easy to spoof unless you have a value that you have to double check, in there.
Also, you are using an old (though still valid) way of assigning stuff to sessions. Another, easier, way is:
Finally, to answer the question you actually asked
, put some code at the top of your page that checkss the session variables. All you're currently doing is creating a session variable 'Surname', so to check for that:
Also, you are using an old (though still valid) way of assigning stuff to sessions. Another, easier, way is:
Code: Select all
session_start();
$_SESSION['Surname'] = '';Code: Select all
session_start();
if(isset($_SESSION['Surname']))
{
$session_active = true;
}
else
{
$session_active = false;
}
// or a leaner version...
$session_active = (isset($_SESSION['Surname'])) ? true : false;Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
-
Magicman0022
- Forum Newbie
- Posts: 11
- Joined: Thu Jul 28, 2005 8:38 am
Tried to implement what you said but it didn't work... Help
Thanx for the pointers,
I took on your advice and constructed this set of code. Unfortunatly It stilldoesn't work. When the page executes the session is not recognised and gets forced to my StudentErr1 page.
I cant seem to pass over the session correctly because if I register the session in the code below it all works hunky dory.
I guess this is all trivial stuff to you guys... but if you could help me to get this to work it would be most appreciated
Please help
I took on your advice and constructed this set of code. Unfortunatly It stilldoesn't work. When the page executes the session is not recognised and gets forced to my StudentErr1 page.
I cant seem to pass over the session correctly because if I register the session in the code below it all works hunky dory.
I guess this is all trivial stuff to you guys... but if you could help me to get this to work it would be most appreciated
Code: Select all
<?php
//start the session
session_start();
//session_register('Surname');
//check to make sure that session variable is registered
if(isset($_SESSION['Surname']))
{
$session_active = true;
}
else
{
//session variable is not registered therfore send them back to the login page.
$session_active = false;
header("Location: http://project.cs.cf.ac.uk/A.Rabindran/StudentErr1.html");
}
php?>to be totally honest, I don't use session_register rather I just set my session vars (not sure the difference actually, they both seem "global" to me).
you could try printing out the array to see what is being set on your login page:
Code: Select all
$_SESSION['Surname'] = $row['Surname'];Code: Select all
print_r($_SESSION);