login and session variables

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Dobson
Forum Newbie
Posts: 11
Joined: Sat Apr 29, 2006 4:53 am

login and session variables

Post by Dobson »

Good evening everyone,

I need to pass username and password details through a few pages. What is the best way to do this? The basic structure of the site is this:

Login page -> Members page -> A few pages come off the members page

I want to keep the information in the browser and also check on everypage to see if there is a valid user accessing that page.

If i'm being too vague please let me know.

Cheers,
Dobson.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

Why do you want to pass the credentials via every page?

Eg: if you use http://www.php.net/sessions you can easily store if the user was logged in or not... And then simply check that variable when you need it... No need to transport the user credentials over all these pages..
Dobson
Forum Newbie
Posts: 11
Joined: Sat Apr 29, 2006 4:53 am

Post by Dobson »

Yeah you're right, I want to use sessions. How do they work? Is there a tutorial somewhere? I'm new to this and a little lost.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

The link should have been http://www.php.net/session.

Here's a very brief example, in your login script:

Code: Select all

if (valid_credentials()) {
  $_SESSION['logged_in'] = TRUE;
} else {
  $_SESSION['logged_in'] = FALSE;
}
In a script that requires the user to be logged in:

Code: Select all

if (!isset($_SESSION)) {
  session_start();
}

if (!$_SESSION['logged_in']) {
  // user is not logged in
} else {
  // user is logged in
}
Dobson
Forum Newbie
Posts: 11
Joined: Sat Apr 29, 2006 4:53 am

Post by Dobson »

Sorry i'm a little lost.

My first login page (login.php) sends variables via POST to the members page (members.php).

Should there be a page in the middle that checks credentials?
santosj
Forum Contributor
Posts: 157
Joined: Sat Apr 29, 2006 7:06 pm

Post by santosj »

Dobson wrote:Sorry i'm a little lost.

My first login page (login.php) sends variables via POST to the members page (members.php).

Should there be a page in the middle that checks credentials?
That is usually how I do it since it is rather annoying and time consuming to have to check POST data on every member page.

Create checklogin.php for checking that the user exists, has correct password, and create the session. Once the session is created any page that has session_start() will carry the session data.
Dobson
Forum Newbie
Posts: 11
Joined: Sat Apr 29, 2006 4:53 am

Post by Dobson »

ah i see. but how do i get the checklogin.php page to go straight to members.php without showing its face, so to speak?
User avatar
Hurreman
Forum Commoner
Posts: 61
Joined: Sat Apr 29, 2006 8:42 am

Post by Hurreman »

Dobson wrote:ah i see. but how do i get the checklogin.php page to go straight to members.php without showing its face, so to speak?
As long as your checklogin.php file doesn't write any output, you can use header(). Example:

checklogin.php:

Code: Select all

<?php
session_start();
// Check so credentials are sent
if(isset($_POST['userLogin']) && isset($_POST['userPass'])) 
{
   // Do password check
   if($_POST['userLogin']=='myUser' && $_POST['userPass']=='myPass')   
   {
      $_SESSION['loggedIn']=true;
      header('Location: members.php');
      exit();
   }
   else
   {
      header('Location: index.php');
      exit();
   }
}
?>
Dobson
Forum Newbie
Posts: 11
Joined: Sat Apr 29, 2006 4:53 am

Post by Dobson »

awesome. it works. thanks everyone!
Post Reply