login script and sessions
Posted: Thu Apr 27, 2006 10:36 am
by oxyfire
Hi guys
I've put a login script on a site that I'm creating and it's working fine. What I want to do next is make certain pages only accessible if you're logged into the site.
I'm very new to PHP and I'm struggling to get this working. Can someone show me a basic "redirect if you're not logged in" script please?

Posted: Thu Apr 27, 2006 10:54 am
by dasantillo
You just need to create a session variable and check it on each page - at least, that's how I've done it.
This needs to be on the page only allowed to be viewed once logged in - at the very top of the file.
Code:
<?php
include("../common.php");
checkUser();
?>
<body>
The function in common.php is:
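Code:
function checkUser()
{
    session_start();
    // empty() also covers the case where the variable was never set
    if (empty($_SESSION["loginSuccess"]))
    {
        header("Location: /"); // redirect to login page
        exit; // stop here so the rest of the protected page is not sent
    }
}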
And the login page should be like this:
Code:
session_start(); // replaces session_register(), which was removed in PHP 5.4
if ($username && $password) // if they are both correct
{
    session_regenerate_id(true); // issue a fresh session ID at login
    $_SESSION["loginSuccess"] = true;
}
else
{
    $_SESSION["loginSuccess"] = false;
}
Hope this helps.
KR
Dan.
Posted: Thu Apr 27, 2006 10:58 am
by n00b Saibot
You have to study up on sessions & header() to understand/implement this.
Code:
<?php
if(!isset($_SESSION['user']) //check for user login...
header('Location: login.php');
?>
Posted: Thu Apr 27, 2006 11:04 am
by RobertGonzalez
I like to do what nOOb suggested. I usually put a piece of code called 'check_logged_in.php' or something to that effect into a small function and call that at the beginning of each logged in page via an include. I usually look for a session var being set to 'logged_in' or something like that. If it is not set, header the user back to the login page. Otherwise, the script will do what it is supposed to do if the user is logged in.
Posted: Thu Apr 27, 2006 11:40 am
by timvw
Don't forget to call http://www.php.net/exit after the redirection to the login page when you check the login status... Otherwise code would still be executed... And browsers that don't follow redirections would get to see the output...
Posted: Thu Apr 27, 2006 12:04 pm
by RobertGonzalez
Good point. Forgot about putting that in there.
Code:
<?php
if(!isset($_SESSION['user']) //check for user login...
header('Location: login.php');
exit;
?>
Posted: Fri Apr 28, 2006 2:43 am
by oxyfire
OK, this is me being very n00by and I know it's going to be something very simple to fix, but I'm still having trouble.
I'm getting an error when I use the code. I'm guessing it's to do with the location of the files, which are....
my login page is in: maindir/login/main.php
and the page I want to protect is in: maindir/upload/index.php
Here's the code I'm using:
Code:
<?php
if(!isset($SESSION['username']) //check for user login...
header('Location: ../login/main.php');
exit;
?>
and here's the error:
Parse error: parse error, unexpected T_STRING in blah blah on line 3
Posted: Fri Apr 28, 2006 2:49 am
by dasantillo
You're missing a bracket
Try this:
Code:
<?php
// note: the superglobal is $_SESSION, with the underscore
if(!isset($_SESSION['username'])) //check for user login...
header('Location: ../login/main.php');
exit;
?>
Oh, and you may want some curly brackets in there too...
Code:
<?php
// note: the superglobal is $_SESSION, with the underscore
if(!isset($_SESSION['username'])) //check for user login...
{
    header('Location: ../login/main.php');
    exit;
}
?>
KR
Dan
Posted: Fri Apr 28, 2006 3:01 am
by oxyfire
those damn brackets!!!!!
as always fix one problem then get another
I'm now getting this error:
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /login/main.php:2) in /login/include/session.php on line 46
Posted: Fri Apr 28, 2006 3:07 am
by dasantillo
oxyfire wrote: those damn brackets!!!!!
as always fix one problem then get another
I'm now getting this error:
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /login/main.php:2) in /login/include/session.php on line 46
I think that the header function must be called before the <head> tag in the PHP file as the header function generates <head> anyway, meaning there would be two which would cause the error. I had this problem when I first started sessions with a login.
Give it a go and see if it works
KR
Dan.
Posted: Fri Apr 28, 2006 8:10 am
by uberdragon
oxyfire wrote: those damn brackets!!!!!
as always fix one problem then get another
I'm now getting this error:
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /login/main.php:2) in /login/include/session.php on line 46
<?php session_start(); ?> should be the very first line of your code. Starting the session sends information through the headers, so it must be the first piece of code that is going to write anything to the screen (browser). The same holds true regarding the header() function. It must be used BEFORE anything else is written to the page.
~Uber
Posted: Fri Apr 28, 2006 8:24 am
by EricS
Another thing to watch out for.
When using redirects via header(), be sure that you are not setting any information TO the session as in
Code:
$_SESSION['user'] = 'User';
header('Location: ../login/main.php');
Setting data to the session can override the redirect in many (if not all) browsers.
- Eric
Posted: Fri Apr 28, 2006 8:42 am
by RobertGonzalez
session_start does not need to be the first line of your code. It does need to be called before any information is sent to the browser (code outputs, html code, other calls to header()) unless you are using the output control (ob_*) functions. It is good practice to set the call to session start as early in the script as possible.
Also, in your redirect header call, use full URLs, not relative ones. From the PHP Manual:
The PHP Manual: HTTP Section wrote: * Copied from the header() function page *
Note: HTTP/1.1 requires an absolute URI as argument to Location: including the scheme, hostname and absolute path, but some clients accept relative URIs. You can usually use $_SERVER['HTTP_HOST'], $_SERVER['PHP_SELF'] and dirname() to make an absolute URI from a relative one yourself:
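A guard include that combines the points made in this thread (start the session before any output, check the session variable, redirect with an absolute URL, then exit), as an added example that is not code from any poster or from the PHP manual. The file name, `ALLOWED_HOSTS`, `LOGIN_PATH` and the `$_SESSION['user']` key set by the login script are assumptions; it needs PHP 7.1 or later.

```php
<?php
// Added example, not code from the thread. Hypothetical file: include/require_login.php
// Assumptions: the login script sets $_SESSION['user']; ALLOWED_HOSTS and
// LOGIN_PATH are placeholder values.
const ALLOWED_HOSTS = ['www.example.com', 'example.com'];
const LOGIN_PATH    = '/login/main.php';

// Build the absolute URI for the Location header. HTTP_HOST is taken from the
// client's request, so it is used only when it matches a known host name.
function login_url(array $server): string
{
    $host = strtolower($server['HTTP_HOST'] ?? '');
    if (!in_array($host, ALLOWED_HOSTS, true)) {
        $host = ALLOWED_HOSTS[0];
    }
    $https = !empty($server['HTTPS']) && $server['HTTPS'] !== 'off';
    return ($https ? 'https' : 'http') . '://' . $host . LOGIN_PATH;
}

function require_login(): void
{
    // Call this before any output, or the session cookie and the
    // redirect header can no longer be sent.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (isset($_SESSION['user'])) {
        return; // logged in: the page continues
    }
    if (!headers_sent($file, $line)) {
        header('Location: ' . login_url($_SERVER), true, 302);
    } else {
        // Output already started: no redirect possible, but still stop.
        error_log("require_login: output already started at $file:$line");
    }
    exit; // never fall through to the protected content
}

// Usage, as the first statements of a protected page such as upload/index.php:
//   require __DIR__ . '/../include/require_login.php';
//   require_login();
```

Because the function always ends in `exit` when no user is set, the protected page's output is never produced, even for a client that ignores the redirect.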