Page 1 of 3

Protecting pages, need to be logged in to view.

Posted: Sun Jan 22, 2006 3:48 pm
by nickman013
Ok, this may seem easy to you guys, but not for me!

I have a form and I want the users on it, to be able to login, and go to a admin page, it does. But if someone who is not logged in trys to go to that page, I want it to ask them for username and password, but not for the people logged in. I just need to protect 4-6 pages like this. Do you get what I mean?


My login script is :

Code: Select all

<? 
if (isset($_POST['user']) && isset($_POST['pass'])){ 
if (($_POST['user']=='nick' && $_POST['pass']=='itelluwht') || ($_POST['user']=='nicky' && $_POST['pass']=='0319')){ 
include('/home/muot/public_html/pages/adminREDIRECT.php'); echo "<html><font color=green size=4>SUCCESS!</font></html>";
} else { 
$error = "<div align=center><font size=-1 color=red>WRONG USERNAME OR PASSWORD</FONT></div>"; 
echo "$error";
} 
}
$form = " 
<html> 
<body><div align=center><form action=login.php method=post><font size=2><b>Username: 
<input type=text size=10 maxlength=10 name=user><br> 
<font size=2><b>Password: 
<input type=password size=10 maxlength=10 name=pass><br><input type=submit value=Login.> 
</form> 
</div></body></html>";
echo "$form";
?>
adminREDIRECT.php is:

Code: Select all

<HTML>
<META HTTP-EQUIV="Refresh" CONTENT="1; URL=admin.php">
</html>
and admin.php is

Code: Select all

<?
blank
?>
The reason why I made the adminREDIRECT.php is because, It wouldnt work no other way I thought of.

But what I need to do is just make those pages protected, and only viewable by the people that are logged on.

I can do this with sessions, but I dont get how to use them, I looked at many tutorials on it, and couldn't figure out any of it. Is it possible to do with IF statements?

Thank You

Posted: Sun Jan 22, 2006 5:27 pm
by nickman013
anybody know what i mean?

Posted: Sun Jan 22, 2006 5:32 pm
by shiznatix
first, you gotta wait 24 hours before bumping a thread.

second, use sessions. if they validate as a user just do $_SESSION['whatever'] = true; or somthing. sessions are easy, just think of them as $_POST or $_GET except they exist on any page that has session_start(); at the top of it. just check if a session variable is set then if it is do whatever else die with a error.

Posted: Sun Jan 22, 2006 5:38 pm
by raghavan20
set a cookie when an user logs in
at each page, run the script to check if the cookie hold valid data, if not ask the user to login
look for setcookie() function
make this as an function and put in a common file and call from each page instead of pasting the same code at each page.

Posted: Sun Jan 22, 2006 5:59 pm
by nickman013
Ok, first off, I am sorry for bumping the thread.

But thank you for replying (both of you),

How would I start a session if a user is validated?

Thank You

Posted: Sun Jan 22, 2006 6:41 pm
by d3ad1ysp0rk
I've got some presents for you! :D

http://us2.php.net/session
http://www.google.com/search?hl=en&q=ph ... gle+Search
http://www.google.com/search?hl=en&lr=& ... tnG=Search

Also, if you're still unwilling to do it yourself, here's another one.. free this time!
http://rentacoder.com

:)

Posted: Sun Jan 22, 2006 6:49 pm
by nickman013
Well ive got somthing for you, this is a help form, correct?

Ive looked at a million tutorials already, if you have not read my other posts.
I just need help, if you dont want to help that fine, dont reply.

Thank You

Posted: Sun Jan 22, 2006 6:59 pm
by d3ad1ysp0rk
I'd very much like to help anyone willing to learn. You however are regularly provided with links to resources that easily point out how to do it in a generic way, and yet you always want people to write it for you.

Either you don't have a good grip of the basics of the language, or you just don't want to write anything. If it's the first, I'd be happy to show you some good sites for learning the general syntax and how it works. If not.. well. yea.

Posted: Sun Jan 22, 2006 7:03 pm
by nickman013
I just do not understand the whole concept of the sessions. I know what they do, but I dont know how to make them work.

Posted: Sun Jan 22, 2006 7:31 pm
by d3ad1ysp0rk
Sessions are a per-browser array of whatever you'd like.

Think of it as a cross-page array. The way you can add the accessibility to pages is by calling the session_start() function.

Example:

Code: Select all

<?php
session_start();
//This code would go in the if block checking whether the login was successful
$_SESSION['loggedin'] = TRUE;
?>
And then maybe have a file called "security.php" which is called on ALL pages that require the "making sure they're logged in" functionality:

Code: Select all

<?php
session_start();
if(empty($_SESSION['loggedin'])){
  header("Location: login.php");
  die();
}
?>
Also, you only need to use session_start once per page (and including pages), so you don't need to put it on both "security.php" and "delete_users.php".

Posted: Sun Jan 22, 2006 7:41 pm
by Jenk
use isset() instead of empty.

Posted: Sun Jan 22, 2006 9:45 pm
by nickman013
thank you for responding with a great response!

i tried to do this

my login.php is

Code: Select all

<? 
if (isset($_POST['user']) && isset($_POST['pass'])){ 
if (($_POST['user']=='nick' && $_POST['pass']=='nickpass') || ($_POST['user']=='nicky' && $_POST['nickypass']=='0319')){ 
include('/home/muot/public_html/pages/adminREDIRECT.php'); echo "<html><font color=green size=4>SUCCESS!</font></html>"; 
} else { 
$error = "<div align=center><font size=-1 color=red>WRONG USERNAME OR PASSWORD</FONT></div>"; 
echo "$error";
} 
}
$form = " 
<html> 
<body><div align=center><form action=login.php method=post><font size=2><b>Username: 
<input type=text size=10 maxlength=10 name=user><br> 
<font size=2><b>Password: 
<input type=password size=10 maxlength=10 name=pass><br><input type=submit value=Login.> 
</form> 
</div></body></html>";
echo "$form";
?>
i think i did it right, but it says,
Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/muot/public_html/pages/login.php:30) in /home/muot/public_html/pages/adminREDIRECT.php on line 2

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/muot/public_html/pages/login.php:30) in /home/muot/public_html/pages/adminREDIRECT.php on line 2
there is HTML above this login script.

Posted: Sun Jan 22, 2006 9:46 pm
by Christopher
Jenk wrote:use isset() instead of empty.
Actually empty() would handle both not set and false which might be correct in this case (depends of logout unsets or sets to false/0).

Posted: Mon Jan 23, 2006 1:31 am
by nickman013
ok i will try that after i get the script working

Posted: Mon Jan 23, 2006 5:38 am
by raghavan20
arborint wrote:
Jenk wrote:use isset() instead of empty.
Actually empty() would handle both not set and false which might be correct in this case (depends of logout unsets or sets to false/0).
empty would be useful at many situations.
Take this url

Code: Select all

//this works well for 
//someurl.php?action=editPost&id=3

if(isset($_GET["id"]){
..........
.........
}
//This works well for this url as well
//someurl.php?action=editPost
if(isset($_GET["id"]){
..........
.........
}

What if URL is like 
someurl.php?action=editPost&id=
The id value is missing here
This can only help in this case
if(isset($_GET["id"]){
if(!empty($_GET["id"]))
..........
.........
}
}