login and session variables
Moderator: General Moderators
login and session variables
Good evening everyone,
I need to pass username and password details through a few pages. What is the best way to do this? The basic structure of the site is this:
Login page -> Members page -> A few pages come off the members page
I want to keep the information in the browser and also check on everypage to see if there is a valid user accessing that page.
If i'm being too vague please let me know.
Cheers,
Dobson.
I need to pass username and password details through a few pages. What is the best way to do this? The basic structure of the site is this:
Login page -> Members page -> A few pages come off the members page
I want to keep the information in the browser and also check on everypage to see if there is a valid user accessing that page.
If i'm being too vague please let me know.
Cheers,
Dobson.
Why do you want to pass the credentials via every page?
Eg: if you use http://www.php.net/sessions you can easily store if the user was logged in or not... And then simply check that variable when you need it... No need to transport the user credentials over all these pages..
Eg: if you use http://www.php.net/sessions you can easily store if the user was logged in or not... And then simply check that variable when you need it... No need to transport the user credentials over all these pages..
The link should have been http://www.php.net/session.
Here's a very brief example, in your login script:
In a script that requires the user to be logged in:
Here's a very brief example, in your login script:
Code: Select all
if (valid_credentials()) {
$_SESSION['logged_in'] = TRUE;
} else {
$_SESSION['logged_in'] = FALSE;
}Code: Select all
if (!isset($_SESSION)) {
session_start();
}
if (!$_SESSION['logged_in']) {
// user is not logged in
} else {
// user is logged in
}That is usually how I do it since it is rather annoying and time consuming to have to check POST data on every member page.Dobson wrote:Sorry i'm a little lost.
My first login page (login.php) sends variables via POST to the members page (members.php).
Should there be a page in the middle that checks credentials?
Create checklogin.php for checking that the user exists, has correct password, and create the session. Once the session is created any page that has session_start() will carry the session data.
As long as your checklogin.php file doesn't write any output, you can use header(). Example:Dobson wrote:ah i see. but how do i get the checklogin.php page to go straight to members.php without showing its face, so to speak?
checklogin.php:
Code: Select all
<?php
session_start();
// Check so credentials are sent
if(isset($_POST['userLogin']) && isset($_POST['userPass']))
{
// Do password check
if($_POST['userLogin']=='myUser' && $_POST['userPass']=='myPass')
{
$_SESSION['loggedIn']=true;
header('Location: members.php');
exit();
}
else
{
header('Location: index.php');
exit();
}
}
?>