User login problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
hhisc383
Forum Newbie
Posts: 6
Joined: Wed Jan 17, 2007 11:53 am

User login problem

Post by hhisc383 »

Hello everyone. Here's the situation:

I have a login page, and when someone logs in, it redirects them to the page that I specify under the admin controls. When they get to this page, they can bookmark it, and then go right back to it without logging in again. Is there a script that I can use that would send them back to the login page if they try to access that page without logging in first?
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

using sessions, when logging in you would apply a flag to indicate that they have logged in.

Code: Select all

session_start();
if (login is valid)
{
   $_SESSION['loggedin'] = true;
}
then on the page you are trying to protect, at the top of the page

Code: Select all

session_start();
if (!isset($_SESSION['loggedin'])) 
{
   header('Location: http://domain.com/login/');
   exit();
}
hhisc383
Forum Newbie
Posts: 6
Joined: Wed Jan 17, 2007 11:53 am

Post by hhisc383 »

alright thanks...just a couple quick questions...

the first code you have listed...where would that go? on what page?

and the second code, would the location address be the page that they are to be redirected to?

Thanks
User avatar
boo_lolly
Forum Contributor
Posts: 154
Joined: Tue Nov 14, 2006 5:04 pm

Post by boo_lolly »

hhisc383 wrote:alright thanks...just a couple quick questions...

the first code you have listed...where would that go? on what page?

and the second code, would the location address be the page that they are to be redirected to?

Thanks
that would go AT THE VERY TOP of your login.php page. the second one would go on the page that is displayed after the user has successfully logged in. the second code says that if the user tries to access a page (where they have to be logged in to see) and they are not logged in, then redirect them to the login page.
hhisc383
Forum Newbie
Posts: 6
Joined: Wed Jan 17, 2007 11:53 am

Post by hhisc383 »

boo_lolly wrote:
hhisc383 wrote:alright thanks...just a couple quick questions...

the first code you have listed...where would that go? on what page?

and the second code, would the location address be the page that they are to be redirected to?

Thanks
that would go AT THE VERY TOP of your login.php page. the second one would go on the page that is displayed after the user has successfully logged in. the second code says that if the user tries to access a page (where they have to be logged in to see) and they are not logged in, then redirect them to the login page.

When I do that, I get the following error:

Parse error: parse error, unexpected T_STRING in /home/content/l/a/s/lastdetailwd/html/login/login.php on line 9

any ideas?
User avatar
aaronhall
DevNet Resident
Posts: 1040
Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews
Contact:

Post by aaronhall »

I'm going to guess that you pasted "if (login is valid)" directly into the script
hhisc383
Forum Newbie
Posts: 6
Joined: Wed Jan 17, 2007 11:53 am

Post by hhisc383 »

yes...i'm new to this php thing! what should go there?
User avatar
aaronhall
DevNet Resident
Posts: 1040
Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews
Contact:

Post by aaronhall »

How do you currently check if the login is valid?
hhisc383
Forum Newbie
Posts: 6
Joined: Wed Jan 17, 2007 11:53 am

Post by hhisc383 »

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Code: Select all

<?

session_start();

if (($_SESSION[user_name] != "") && ($_SESSION[password] != ""))
{
	header("Location:$_SESSION[redirect]");
	exit;
}

if(($lr_user != "") && ($lr_pass != ""))
{
	header("Location:redirect.php");
	exit;
}

	header("Location:login.php");


?>

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
User avatar
aaronhall
DevNet Resident
Posts: 1040
Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews
Contact:

Post by aaronhall »

As jcart already went over: If the login is valid, you would set a session variable that indicates that the user is logged in, as such:

Code: Select all

$_SESSION['loggedin'] = true;
Then in the page you want to protect, check if that variable is set to true using jcart's code.

If that is your authentication code, it appears that though your script authenticates the user as long as the username and password fields aren't empty. So, guessing the username and password wouldn't be very difficult.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

points of interest
  • short tags
  • quoted indices
  • header redirection
Post Reply