login script and sessions

oxyfire
Forum Newbie
Posts: 3
Joined: Thu Apr 27, 2006 10:31 am

Post by oxyfire »

Hi guys

I've put a login script on a site that I'm creating and it's working fine. What I want to do next is make certain pages only accessible if you're logged into the site.

I'm very new to PHP and I'm struggling on getting this working. Can someone show me a basic redirect-if-you're-not-logged-in script please? :D
dasantillo
Forum Newbie
Posts: 10
Joined: Wed Mar 15, 2006 4:31 am
Location: Swansea, Wales

Post by dasantillo »

You just need to create a session variable and check it on each page - at least, that's how I've done it.

This needs to be on the page only allowed to be viewed once logged in - at the very top of the file.

Code: Select all

<?php
include("../common.php");
checkUser();
?>

<body>
The function in common.php is:

Code: Select all

function checkUser()
{
session_start();
if ($_SESSION["loginSuccess"] == false)
   header("Location: /"); // redirect to login page
}
And the login page should be like this:

Code: Select all

session_start(); // session_register() was removed in PHP 5.4; write to $_SESSION instead
   if ($username && $password) // if they are both correct
      {
      $_SESSION["loginSuccess"] = true;
      }
   else
      {
      $_SESSION["loginSuccess"] = false;
      }
Hope this helps.

KR

Dan.
Last edited by dasantillo on Thu Apr 27, 2006 10:59 am, edited 1 time in total.
n00b Saibot
DevNet Resident
Posts: 1452
Joined: Fri Dec 24, 2004 2:59 am
Location: Lucknow, UP, India

Post by n00b Saibot »

you have to study up on sessions & header() to understand/implement this

Code: Select all

<?php

if(!isset($_SESSION['user'])) //check for user login...
  header('Location: login.php');

?>
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

I like to do what nOOb suggested. I usually put a piece of code called 'check_logged_in.php' or something to that effect into a small function and call that at the beginning of each logged in page via an include. I usually look for a session var being set to 'logged_in' or something like that. If it is not set, header the user back to the login page. Otherwise, the script will do what it is supposed to do if the user is logged in.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

Don't forget to call http://www.php.net/exit after the redirection to the login page when you check the login status... Otherwise code would still be executed... And browsers that don't follow redirections would get to see the output...
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Good point. Forgot about putting that in there.

Code: Select all

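<?php
session_start(); // must run before $_SESSION is read and before any output
if(!isset($_SESSION['user'])) //check for user login...
{
  header('Location: login.php');
  exit; // stop the script so the protected page is never sent
}
?>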
oxyfire
Forum Newbie
Posts: 3
Joined: Thu Apr 27, 2006 10:31 am

Post by oxyfire »

OK, this is me being very n00by and I know it's going to be something very simple to fix, but I'm still having trouble

I'm getting an error when I use the code. I'm guessing it's to do with the location of the files, which are....

my login page is in: maindir/login/main.php

and the page I want to protect is in: maindir/upload/index.php

here's the code I'm using

Code: Select all

<?php
if(!isset($_SESSION['username']) //check for user login...
  header('Location: ../login/main.php');
  exit;
?>

and here's the error

Parse error: parse error, unexpected T_STRING in blah blah on line 3
dasantillo
Forum Newbie
Posts: 10
Joined: Wed Mar 15, 2006 4:31 am
Location: Swansea, Wales

Post by dasantillo »

You're missing a bracket :-)

Try this:

Code: Select all

<?php 
if(!isset($_SESSION['username'])) //check for user login... (the superglobal is $_SESSION)
  header('Location: ../login/main.php'); 
  exit; 
?>
Oh, and you may want some curly brackets in there too...

Code: Select all

<?php 
if(!isset($_SESSION['username'])) //check for user login... (the superglobal is $_SESSION)
  {
  header('Location: ../login/main.php'); 
  exit; 
  }
?>
KR

Dan
oxyfire
Forum Newbie
Posts: 3
Joined: Thu Apr 27, 2006 10:31 am

Post by oxyfire »

those damn brackets!!!!!

as always, fix one problem then get another :D

I'm now getting this error

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /login/main.php:2) in /login/include/session.php on line 46
dasantillo
Forum Newbie
Posts: 10
Joined: Wed Mar 15, 2006 4:31 am
Location: Swansea, Wales

Post by dasantillo »

oxyfire wrote:
those damn brackets!!!!!

as always, fix one problem then get another :D

I'm now getting this error

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /login/main.php:2) in /login/include/session.php on line 46

I think that the header function must be called before the <head> tag in the PHP file as the header function generates <head> anyway, meaning there would be two which would cause the error. I had this problem when I first started sessions with a login.

Give it a go and see if it works :-)

KR

Dan.
uberdragon
Forum Newbie
Posts: 11
Joined: Thu Apr 27, 2006 8:54 am
Location: Farmington, CT

Post by uberdragon »

oxyfire wrote:
those damn brackets!!!!!

as always, fix one problem then get another :D

I'm now getting this error

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /login/main.php:2) in /login/include/session.php on line 46

<?php session_start(); ?> should be the very first line of your code. Starting the session sends information through the headers, so it must be the first piece of code that is going to write anything to the screen (browser). The same holds true regarding the header() function. It must be used BEFORE anything else is written to the page.

~Uber
Last edited by uberdragon on Fri Apr 28, 2006 11:09 am, edited 1 time in total.
EricS
Forum Contributor
Posts: 183
Joined: Thu Jul 11, 2002 12:02 am
Location: Atlanta, Ga

Post by EricS »

Another thing to watch out for.

When using redirects via header(), be sure that you are not setting any information TO the session as in

Code: Select all

$_SESSION['user'] = 'User';
header('Location: ../login/main.php');
Setting data to the session can override the redirect in many (if not all) browsers.

- Eric
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

session_start does not need to be the first line of your code. It does need to be called before any information is sent to the browser (code outputs, html code, other calls to header()) unless you are using the output control (ob_*) functions. It is good practice to set the call to session start as early in the script as possible.

Also, in your redirect header call, use full URLs, not relative ones. From the PHP Manual:

The PHP Manual: HTTP Section wrote:
* Copied from the header() function page *
Note: HTTP/1.1 requires an absolute URI as argument to Location: including the scheme, hostname and absolute path, but some clients accept relative URIs. You can usually use $_SERVER['HTTP_HOST'], $_SERVER['PHP_SELF'] and dirname() to make an absolute URI from a relative one yourself:
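
A login guard that pulls together the points raised across this thread (session started before any output, absolute redirect URL, exit after the redirect), written as an added example that is not any poster's code and not from the PHP Manual. BASE_URL, LOGIN_PATH, the 'user' session key, the file name auth_guard.php and complete_login() are assumptions; the host comes from configuration rather than $_SERVER['HTTP_HOST'] because the Host header is supplied by the client.

```php
<?php
// auth_guard.php: added example. Include it at the very top of a protected
// page, before any HTML or whitespace is output, for instance:
//   require __DIR__ . '/../auth_guard.php'; require_login();

// Assumed configuration values (not from the thread).
const BASE_URL   = 'https://www.example.com'; // fixed in config, not read from the Host header
const LOGIN_PATH = '/login/main.php';

function require_login(): void
{
    // If output has already started, neither the session cookie nor the
    // Location header can be sent ("headers already sent"). Fail closed
    // instead of letting the protected page render.
    if (headers_sent($file, $line)) {
        error_log("auth guard ran too late: output started at $file:$line");
        exit('Login required.');
    }

    // Start the session once; a second session_start() only raises a notice.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // empty() treats a missing key, false, '' and null all as "not logged in".
    if (!empty($_SESSION['user'])) {
        return; // logged in: the including page continues
    }

    // Absolute URI in the Location header, built from configuration.
    header('Location: ' . BASE_URL . LOGIN_PATH, true, 302);
    // Stop here: a client that ignores the redirect must not receive the
    // rest of the page, and no further code on it should run.
    exit;
}

function complete_login(string $username): void
{
    // Call only after the submitted credentials have been verified.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Issue a fresh session ID at the moment privileges change, so an ID
    // known before login is useless afterwards (session fixation).
    session_regenerate_id(true);
    $_SESSION['user'] = $username;
}
```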