User login problem
Moderator: General Moderators
User login problem
Hello everyone. Here's the situation:
I have a login page, and when someone logs in, it redirects them to the page that I specify under the admin controls. When they get to this page, they can bookmark it, and then go right back to it without logging in again. Is there a script that I can use that would send them back to the login page if they try to access that page without logging in first?
I have a login page, and when someone logs in, it redirects them to the page that I specify under the admin controls. When they get to this page, they can bookmark it, and then go right back to it without logging in again. Is there a script that I can use that would send them back to the login page if they try to access that page without logging in first?
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
using sessions, when logging in you would apply a flag to indicate that they have logged in.
then on the page you are trying to protect, at the top of the page
Code: Select all
session_start();
if (login is valid)
{
$_SESSION['loggedin'] = true;
}Code: Select all
session_start();
if (!isset($_SESSION['loggedin']))
{
header('Location: http://domain.com/login/');
exit();
}that would go AT THE VERY TOP of your login.php page. the second one would go on the page that is displayed after the user has successfully logged in. the second code says that if the user tries to access a page (where they have to be logged in to see) and they are not logged in, then redirect them to the login page.hhisc383 wrote:alright thanks...just a couple quick questions...
the first code you have listed...where would that go? on what page?
and the second code, would the location address be the page that they are to be redirected to?
Thanks
boo_lolly wrote:that would go AT THE VERY TOP of your login.php page. the second one would go on the page that is displayed after the user has successfully logged in. the second code says that if the user tries to access a page (where they have to be logged in to see) and they are not logged in, then redirect them to the login page.hhisc383 wrote:alright thanks...just a couple quick questions...
the first code you have listed...where would that go? on what page?
and the second code, would the location address be the page that they are to be redirected to?
Thanks
When I do that, I get the following error:
Parse error: parse error, unexpected T_STRING in /home/content/l/a/s/lastdetailwd/html/login/login.php on line 9
any ideas?
feyd | Please use
feyd | Please use
Code: Select all
,Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]Code: Select all
<?
session_start();
if (($_SESSION[user_name] != "") && ($_SESSION[password] != ""))
{
header("Location:$_SESSION[redirect]");
exit;
}
if(($lr_user != "") && ($lr_pass != ""))
{
header("Location:redirect.php");
exit;
}
header("Location:login.php");
?>feyd | Please use
Code: Select all
,Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]- aaronhall
- DevNet Resident
- Posts: 1040
- Joined: Tue Aug 13, 2002 5:10 pm
- Location: Back in Phoenix, missing the microbrews
- Contact:
As jcart already went over: If the login is valid, you would set a session variable that indicates that the user is logged in, as such:
Then in the page you want to protect, check if that variable is set to true using jcart's code.
If that is your authentication code, it appears that though your script authenticates the user as long as the username and password fields aren't empty. So, guessing the username and password wouldn't be very difficult.
Code: Select all
$_SESSION['loggedin'] = true;If that is your authentication code, it appears that though your script authenticates the user as long as the username and password fields aren't empty. So, guessing the username and password wouldn't be very difficult.