Page 3 of 3

Posted: Mon Jan 23, 2006 11:33 pm
by d3ad1ysp0rk
As long as it's educational. I just want to make sure anyone who views this topic gets all the sides.

Posted: Tue Jan 24, 2006 10:24 am
by nickman013
1. How would i add users to this?

yeah thats true, i just need to know thee 3 things.

Code: Select all

session_start(); 
if (empty($_POST['user']) || empty($_POST['pass'])) 
    die('GO AWAY'); 

if ($_POST['user'] == 'test_user' && $_POST['pass'] == 'test_pass') 
{ 
    $_SESSION['log'] = true; 
    echo '<meta http-equiv="refresh" content="0;url=secure_page.php">'; 
} 
else 
    die('GO AWAY');
would it be elseif?


2. to logout, can i just add

Code: Select all

session_destroy();
to login.php and the logout link would be,
<a href=login.php>logout</a>?

3. how can i keep them logged in if they go to a unprotected page?

Posted: Tue Jan 24, 2006 11:27 pm
by nickman013
I figured out how to logout. Now i just need to find out, how to keep the user logged in, if they dont go to the protected pages.

Thank You!

Posted: Wed Jan 25, 2006 12:27 am
by josh
nickman013 wrote:how can i keep them logged in if they go to a unprotected page?
Put session_start() at the top of any pages you want to detect that they are logged in on.

Posted: Wed Jan 25, 2006 5:37 am
by raghavan20
nickman013 wrote:how can i keep them logged in if they go to a unprotected page?

Code: Select all

session_start(); 
if (empty($_POST['user']) || empty($_POST['pass'])) 
    die('GO AWAY'); 

if ($_POST['user'] == 'test_user' && $_POST['pass'] == 'test_pass') 
{ 
    $_SESSION['log'] = true; 
    echo '<meta http-equiv="refresh" content="0;url=secure_page.php">'; 
} 
else 
    die('GO AWAY');
If you think a little, you would come to infer that you use the above script to verify whether a user is valid and if you do not want to validate the user, then you should not use this script and that would allow access to anyone to access these unprotected pages. You can use session_start() in these pages or not, it is merely a choice, session_start() allows one to use the available session variables declared before and you can now declare your new session variables. Anyway that statement will not stop any user from accessing unprotected pages.

Posted: Wed Jan 25, 2006 10:39 am
by nickman013
isnt that the dolog.php script?

Posted: Sun Jan 29, 2006 2:26 pm
by nickman013
nickman013 wrote:1. How would i add users to this?

yeah thats true, i just need to know thee 3 things.

Code: Select all

session_start(); 
if (empty($_POST['user']) || empty($_POST['pass'])) 
    die('GO AWAY'); 

if ($_POST['user'] == 'test_user' && $_POST['pass'] == 'test_pass') 
{ 
    $_SESSION['log'] = true; 
    echo '<meta http-equiv="refresh" content="0;url=secure_page.php">'; 
} 
else 
    die('GO AWAY');
would it be elseif?


2. to logout, can i just add

Code: Select all

session_destroy();
to login.php and the logout link would be,
<a href=login.php>logout</a>?

3. how can i keep them logged in if they go to a unprotected page?
anybody?