Protecting pages, need to be logged in to view.

nickman013
Forum Regular
Posts: 764
Joined: Sun Aug 14, 2005 12:02 am
Location: Long Island, New York

Post by nickman013 »

Ok, this may seem easy to you guys, but not for me!

I have a form and I want the users on it to be able to log in and go to an admin page; it does. But if someone who is not logged in tries to go to that page, I want it to ask them for username and password, but not for the people logged in. I just need to protect 4-6 pages like this. Do you get what I mean?


My login script is :

Code: Select all

<?php
// Runs only when the form below has been submitted.
if (isset($_POST['user']) && isset($_POST['pass'])) {
    if (($_POST['user'] == 'nick' && $_POST['pass'] == 'itelluwht') || ($_POST['user'] == 'nicky' && $_POST['pass'] == '0319')) {
        // Success: pull in the meta-refresh page that forwards to admin.php.
        include('/home/muot/public_html/pages/adminREDIRECT.php');
        echo "<html><font color=green size=4>SUCCESS!</font></html>";
    } else {
        $error = "<div align=center><font size=-1 color=red>WRONG USERNAME OR PASSWORD</FONT></div>";
        echo $error;
    }
}
// The login form is always printed, whether or not the login succeeded.
$form = "
<html>
<body><div align=center><form action=login.php method=post><font size=2><b>Username:
<input type=text size=10 maxlength=10 name=user><br>
<font size=2><b>Password:
<input type=password size=10 maxlength=10 name=pass><br><input type=submit value=Login.>
</form>
</div></body></html>";
echo $form;
?>

adminREDIRECT.php is:

Code: Select all

<HTML>
<META HTTP-EQUIV="Refresh" CONTENT="1; URL=admin.php">
</html>

and admin.php is

Code: Select all

<?php
// blank
?>

The reason why I made the adminREDIRECT.php is because it wouldn't work any other way I thought of.

But what I need to do is just make those pages protected, and only viewable by the people that are logged on.

I can do this with sessions, but I don't get how to use them. I looked at many tutorials on it, and couldn't figure out any of it. Is it possible to do with IF statements?

Thank You
nickman013
Forum Regular
Posts: 764
Joined: Sun Aug 14, 2005 12:02 am
Location: Long Island, New York

Post by nickman013 »

Anybody know what I mean?
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia

Post by shiznatix »

First, you gotta wait 24 hours before bumping a thread.

Second, use sessions. If they validate as a user just do $_SESSION['whatever'] = true; or something. Sessions are easy, just think of them as $_POST or $_GET except they exist on any page that has session_start(); at the top of it. Just check if a session variable is set, then if it is do whatever, else die with an error.
raghavan20
DevNet Resident
Posts: 1451
Joined: Sat Jun 11, 2005 6:57 am
Location: London, UK

Post by raghavan20 »

Set a cookie when a user logs in.
At each page, run the script to check if the cookie holds valid data; if not, ask the user to log in.
Look for the setcookie() function.
Make this a function, put it in a common file, and call it from each page instead of pasting the same code on each page.
nickman013
Forum Regular
Posts: 764
Joined: Sun Aug 14, 2005 12:02 am
Location: Long Island, New York

Post by nickman013 »

Ok, first off, I am sorry for bumping the thread.

But thank you for replying (both of you),

How would I start a session if a user is validated?

Thank You
d3ad1ysp0rk
Forum Donator
Posts: 1661
Joined: Mon Oct 20, 2003 8:31 pm
Location: Maine, USA

Post by d3ad1ysp0rk »

I've got some presents for you! :D

http://us2.php.net/session
http://www.google.com/search?hl=en&q=ph ... gle+Search
http://www.google.com/search?hl=en&lr=& ... tnG=Search

Also, if you're still unwilling to do it yourself, here's another one.. free this time!
http://rentacoder.com

:)
nickman013
Forum Regular
Posts: 764
Joined: Sun Aug 14, 2005 12:02 am
Location: Long Island, New York

Post by nickman013 »

Well I've got something for you, this is a help forum, correct?

I've looked at a million tutorials already, if you have not read my other posts.
I just need help, if you don't want to help that's fine, don't reply.

Thank You
d3ad1ysp0rk
Forum Donator
Posts: 1661
Joined: Mon Oct 20, 2003 8:31 pm
Location: Maine, USA

Post by d3ad1ysp0rk »

I'd very much like to help anyone willing to learn. You however are regularly provided with links to resources that easily point out how to do it in a generic way, and yet you always want people to write it for you.

Either you don't have a good grip of the basics of the language, or you just don't want to write anything. If it's the first, I'd be happy to show you some good sites for learning the general syntax and how it works. If not.. well. yea.
nickman013
Forum Regular
Posts: 764
Joined: Sun Aug 14, 2005 12:02 am
Location: Long Island, New York

Post by nickman013 »

I just do not understand the whole concept of the sessions. I know what they do, but I don't know how to make them work.
d3ad1ysp0rk
Forum Donator
Posts: 1661
Joined: Mon Oct 20, 2003 8:31 pm
Location: Maine, USA

Post by d3ad1ysp0rk »

Sessions are a per-browser array of whatever you'd like.

Think of it as a cross-page array. The way you can add the accessibility to pages is by calling the session_start() function.

Example:

Code: Select all

<?php
session_start();
//This code would go in the if block checking whether the login was successful
$_SESSION['loggedin'] = TRUE;
?>

And then maybe have a file called "security.php" which is called on ALL pages that require the "making sure they're logged in" functionality:

Code: Select all

<?php
session_start();
if(empty($_SESSION['loggedin'])){
  header("Location: login.php");
  die();
}
?>

Also, you only need to use session_start once per page (and including pages), so you don't need to put it on both "security.php" and "delete_users.php".
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

use isset() instead of empty.
nickman013
Forum Regular
Posts: 764
Joined: Sun Aug 14, 2005 12:02 am
Location: Long Island, New York

Post by nickman013 »

Thank you for responding with a great response!

I tried to do this

My login.php is

Code: Select all

<?php
// Runs only when the form below has been submitted.
if (isset($_POST['user']) && isset($_POST['pass'])) {
    if (($_POST['user'] == 'nick' && $_POST['pass'] == 'nickpass') || ($_POST['user'] == 'nicky' && $_POST['pass'] == '0319')) {
        include('/home/muot/public_html/pages/adminREDIRECT.php');
        echo "<html><font color=green size=4>SUCCESS!</font></html>";
    } else {
        $error = "<div align=center><font size=-1 color=red>WRONG USERNAME OR PASSWORD</FONT></div>";
        echo $error;
    }
}
// The login form is always printed, whether or not the login succeeded.
$form = "
<html>
<body><div align=center><form action=login.php method=post><font size=2><b>Username:
<input type=text size=10 maxlength=10 name=user><br>
<font size=2><b>Password:
<input type=password size=10 maxlength=10 name=pass><br><input type=submit value=Login.>
</form>
</div></body></html>";
echo $form;
?>

I think I did it right, but it says,

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/muot/public_html/pages/login.php:30) in /home/muot/public_html/pages/adminREDIRECT.php on line 2

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/muot/public_html/pages/login.php:30) in /home/muot/public_html/pages/adminREDIRECT.php on line 2

There is HTML above this login script.
Last edited by nickman013 on Sun Jan 22, 2006 9:47 pm, edited 1 time in total.
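
Added example (not code from any poster in this thread): the login check and the "security.php" guard described above combined into one include, with session_start() called before any output so the "headers already sent" warning cannot occur. The file name auth.php, the `demo` account and its password, and the function names demo_users(), attempt_login() and require_login() are assumptions made for illustration.

```php
<?php
// auth.php (added example). Include it as the FIRST line of every page, before
// any HTML or blank line: session_start() must run before output is sent.
declare(strict_types=1);

session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']); // PHP >= 7.3
session_start();

// Constructed demo account. A real site stores the hash (created once with
// password_hash()) in a database or config file, never the plain password.
function demo_users(): array
{
    static $users = null;
    if ($users === null) {
        $users = ['demo' => password_hash('constructed-demo-password', PASSWORD_DEFAULT)];
    }
    return $users;
}

// Returns true and marks the session as logged in when the credentials match.
function attempt_login($user, $pass): bool
{
    if (!is_string($user) || !is_string($pass)) {
        return false; // e.g. user[]=x arrives as an array, not a string
    }
    $hash = demo_users()[$user] ?? null;
    if ($hash === null || !password_verify($pass, $hash)) {
        return false;
    }
    session_regenerate_id(true); // fresh session ID on login (blocks session fixation)
    $_SESSION['loggedin'] = true;
    return true;
}

// Call at the top of each protected page (admin.php and the others).
function require_login(): void
{
    if (empty($_SESSION['loggedin'])) {
        header('Location: login.php');
        exit; // stop here, or the protected page is still rendered after the header
    }
}

// login.php:  require 'auth.php';
//             if (attempt_login($_POST['user'] ?? null, $_POST['pass'] ?? null)) {
//                 header('Location: admin.php'); exit;
//             }
//             ...then print the form and any error message.
// admin.php:  require 'auth.php'; require_login();  ...then the page itself.
```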
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

Jenk wrote: use isset() instead of empty.
Actually empty() would handle both not set and false which might be correct in this case (depends on whether logout unsets or sets to false/0).
(#10850)
nickman013
Forum Regular
Posts: 764
Joined: Sun Aug 14, 2005 12:02 am
Location: Long Island, New York

Post by nickman013 »

OK, I will try that after I get the script working.
raghavan20
DevNet Resident
Posts: 1451
Joined: Sat Jun 11, 2005 6:57 am
Location: London, UK

Post by raghavan20 »

arborint wrote:
Jenk wrote: use isset() instead of empty.
Actually empty() would handle both not set and false which might be correct in this case (depends on whether logout unsets or sets to false/0).
empty would be useful in many situations.
Take this URL

Code: Select all

// This works well for
// someurl.php?action=editPost&id=3
if (isset($_GET["id"])) {
    // ...
}

// This works well for this URL as well
// someurl.php?action=editPost
if (isset($_GET["id"])) {
    // ...
}

// What if the URL is like
// someurl.php?action=editPost&id=
// The id value is missing here.
// This can only help in this case:
if (isset($_GET["id"])) {
    if (!empty($_GET["id"])) {
        // ...
    }
}
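
Added example (not code from any poster in this thread): the isset()/empty() discussion above, run over constructed query strings and compared with validating the value as a positive integer. The helper name parse_id() and the sample query strings are assumptions made for illustration.

```php
<?php
// Added example: how isset(), empty() and strict validation classify the same
// constructed query strings. parse_id() is a hypothetical helper name.
declare(strict_types=1);

// Returns the id as a positive integer, or null when it is missing or malformed.
function parse_id(array $get): ?int
{
    $id = filter_var(
        $get['id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    return $id === false ? null : $id;
}

// Constructed query strings, including the three cases from the post above.
$samples = [
    'action=editPost&id=3',
    'action=editPost',
    'action=editPost&id=',
    'action=editPost&id=0',
    'action=editPost&id=3abc',
    'action=editPost&id[]=3',
];

foreach ($samples as $qs) {
    parse_str($qs, $get); // fills $get the way PHP fills $_GET
    printf(
        "%-26s isset=%-5s !empty=%-5s validated=%s\n",
        $qs,
        var_export(isset($get['id']), true),
        var_export(!empty($get['id']), true),
        var_export(parse_id($get), true)
    );
}
```

`id=0` counts as empty, while `id=3abc` and `id[]=3` pass both isset() and !empty(), so the value still needs validating before it is used.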