Page 1 of 1
login and session variables
Posted: Mon May 01, 2006 6:39 am
by Dobson
Good evening everyone,
I need to pass username and password details through a few pages. What is the best way to do this? The basic structure of the site is this:
Login page -> Members page -> A few pages come off the members page
I want to keep the information in the browser and also check on everypage to see if there is a valid user accessing that page.
If i'm being too vague please let me know.
Cheers,
Dobson.
Posted: Mon May 01, 2006 6:41 am
by timvw
Why do you want to pass the credentials via every page?
Eg: if you use
http://www.php.net/sessions you can easily store if the user was logged in or not... And then simply check that variable when you need it... No need to transport the user credentials over all these pages..
Posted: Mon May 01, 2006 6:48 am
by Dobson
Yeah you're right, I want to use sessions. How do they work? Is there a tutorial somewhere? I'm new to this and a little lost.
Posted: Mon May 01, 2006 7:08 am
by timvw
The link should have been
http://www.php.net/session.
Here's a very brief example, in your login script:
Code: Select all
if (valid_credentials()) {
$_SESSION['logged_in'] = TRUE;
} else {
$_SESSION['logged_in'] = FALSE;
}
In a script that requires the user to be logged in:
Code: Select all
if (!isset($_SESSION)) {
session_start();
}
if (!$_SESSION['logged_in']) {
// user is not logged in
} else {
// user is logged in
}
Posted: Mon May 01, 2006 7:42 am
by Dobson
Sorry i'm a little lost.
My first login page (login.php) sends variables via POST to the members page (members.php).
Should there be a page in the middle that checks credentials?
Posted: Mon May 01, 2006 7:52 am
by santosj
Dobson wrote:Sorry i'm a little lost.
My first login page (login.php) sends variables via POST to the members page (members.php).
Should there be a page in the middle that checks credentials?
That is usually how I do it since it is rather annoying and time consuming to have to check POST data on every member page.
Create checklogin.php for checking that the user exists, has correct password, and create the session. Once the session is created any page that has session_start() will carry the session data.
Posted: Mon May 01, 2006 7:58 am
by Dobson
ah i see. but how do i get the checklogin.php page to go straight to members.php without showing its face, so to speak?
Posted: Mon May 01, 2006 8:19 am
by Hurreman
Dobson wrote:ah i see. but how do i get the checklogin.php page to go straight to members.php without showing its face, so to speak?
As long as your
checklogin.php file doesn't write any output, you can use header(). Example:
checklogin.php:
Code: Select all
<?php
session_start();
// Check so credentials are sent
if(isset($_POST['userLogin']) && isset($_POST['userPass']))
{
// Do password check
if($_POST['userLogin']=='myUser' && $_POST['userPass']=='myPass')
{
$_SESSION['loggedIn']=true;
header('Location: members.php');
exit();
}
else
{
header('Location: index.php');
exit();
}
}
?>
Posted: Mon May 01, 2006 8:27 am
by Dobson
awesome. it works. thanks everyone!