Page 1 of 1

php Sessions login pages not hidden

Posted: Wed Aug 16, 2006 4:53 am
by Wardy7
I have a site that users have to log into to view their own members area.
The site uses sessions so when a user logs in the pages such as http://www.mysite.com/account.php show the users details.
However, if someone is NOT logged in and they just go to http://www.mysite.com/account.php they can still view the whole page but with all the bits that contain a users details are empty.
How do I make it so that these pages are not able to be viewed when a user is not logged in and that the user get's prompted to enter their username and password to login and view it properly?

Cheers
Wardy

Posted: Wed Aug 16, 2006 5:09 am
by DessieD32
Hi - I did something similar to this using PHP sessions.

Im a newbie to this so it may not be the best way to implement..

When the user successfully logs in, I set a session variable UID. For each page on the site, the first thing I do is a session_start and query this session variable. If it's 0, I do a redirect back to the login page.

Works ok, though I am having an issue with Firefox / Internet Explorer which Im going to do a post on so may be problems with this method.