Protecting pages, need to be logged in to view.

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

d3ad1ysp0rk
Forum Donator
Posts: 1661
Joined: Mon Oct 20, 2003 8:31 pm
Location: Maine, USA

Post by d3ad1ysp0rk »

As long as it's educational. I just want to make sure anyone who views this topic gets all the sides.
User avatar
nickman013
Forum Regular
Posts: 764
Joined: Sun Aug 14, 2005 12:02 am
Location: Long Island, New York

Post by nickman013 »

1. How would i add users to this?

yeah thats true, i just need to know thee 3 things.

Code: Select all

session_start(); 
if (empty($_POST['user']) || empty($_POST['pass'])) 
    die('GO AWAY'); 

if ($_POST['user'] == 'test_user' && $_POST['pass'] == 'test_pass') 
{ 
    $_SESSION['log'] = true; 
    echo '<meta http-equiv="refresh" content="0;url=secure_page.php">'; 
} 
else 
    die('GO AWAY');
would it be elseif?


2. to logout, can i just add

Code: Select all

session_destroy();
to login.php and the logout link would be,
<a href=login.php>logout</a>?

3. how can i keep them logged in if they go to a unprotected page?
User avatar
nickman013
Forum Regular
Posts: 764
Joined: Sun Aug 14, 2005 12:02 am
Location: Long Island, New York

Post by nickman013 »

I figured out how to logout. Now i just need to find out, how to keep the user logged in, if they dont go to the protected pages.

Thank You!
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Post by josh »

nickman013 wrote:how can i keep them logged in if they go to a unprotected page?
Put session_start() at the top of any pages you want to detect that they are logged in on.
User avatar
raghavan20
DevNet Resident
Posts: 1451
Joined: Sat Jun 11, 2005 6:57 am
Location: London, UK
Contact:

Post by raghavan20 »

nickman013 wrote:how can i keep them logged in if they go to a unprotected page?

Code: Select all

session_start(); 
if (empty($_POST['user']) || empty($_POST['pass'])) 
    die('GO AWAY'); 

if ($_POST['user'] == 'test_user' && $_POST['pass'] == 'test_pass') 
{ 
    $_SESSION['log'] = true; 
    echo '<meta http-equiv="refresh" content="0;url=secure_page.php">'; 
} 
else 
    die('GO AWAY');
If you think a little, you would come to infer that you use the above script to verify whether a user is valid and if you do not want to validate the user, then you should not use this script and that would allow access to anyone to access these unprotected pages. You can use session_start() in these pages or not, it is merely a choice, session_start() allows one to use the available session variables declared before and you can now declare your new session variables. Anyway that statement will not stop any user from accessing unprotected pages.
User avatar
nickman013
Forum Regular
Posts: 764
Joined: Sun Aug 14, 2005 12:02 am
Location: Long Island, New York

Post by nickman013 »

isnt that the dolog.php script?
User avatar
nickman013
Forum Regular
Posts: 764
Joined: Sun Aug 14, 2005 12:02 am
Location: Long Island, New York

Post by nickman013 »

nickman013 wrote:1. How would i add users to this?

yeah thats true, i just need to know thee 3 things.

Code: Select all

session_start(); 
if (empty($_POST['user']) || empty($_POST['pass'])) 
    die('GO AWAY'); 

if ($_POST['user'] == 'test_user' && $_POST['pass'] == 'test_pass') 
{ 
    $_SESSION['log'] = true; 
    echo '<meta http-equiv="refresh" content="0;url=secure_page.php">'; 
} 
else 
    die('GO AWAY');
would it be elseif?


2. to logout, can i just add

Code: Select all

session_destroy();
to login.php and the logout link would be,
<a href=login.php>logout</a>?

3. how can i keep them logged in if they go to a unprotected page?
anybody?
Post Reply