Page 1 of 1
User login problem
Posted: Thu Jan 18, 2007 2:50 pm
by hhisc383
Hello everyone. Here's the situation:
I have a login page, and when someone logs in, it redirects them to the page that I specify under the admin controls. When they get to this page, they can bookmark it, and then go right back to it without logging in again. Is there a script that I can use that would send them back to the login page if they try to access that page without logging in first?
Posted: Thu Jan 18, 2007 2:56 pm
by John Cartwright
using sessions, when logging in you would apply a flag to indicate that they have logged in.
Code: Select all
session_start();
if (login is valid)
{
$_SESSION['loggedin'] = true;
}
then on the page you are trying to protect, at the top of the page
Code: Select all
session_start();
if (!isset($_SESSION['loggedin']))
{
header('Location: http://domain.com/login/');
exit();
}
Posted: Thu Jan 18, 2007 2:59 pm
by hhisc383
alright thanks...just a couple quick questions...
the first code you have listed...where would that go? on what page?
and the second code, would the location address be the page that they are to be redirected to?
Thanks
Posted: Thu Jan 18, 2007 3:55 pm
by boo_lolly
hhisc383 wrote:alright thanks...just a couple quick questions...
the first code you have listed...where would that go? on what page?
and the second code, would the location address be the page that they are to be redirected to?
Thanks
that would go AT THE VERY TOP of your login.php page. the second one would go on the page that is displayed
after the user has successfully logged in. the second code says that if the user tries to access a page (where they have to be logged in to see) and they are not logged in, then redirect them to the login page.
Posted: Thu Jan 18, 2007 4:05 pm
by hhisc383
boo_lolly wrote:hhisc383 wrote:alright thanks...just a couple quick questions...
the first code you have listed...where would that go? on what page?
and the second code, would the location address be the page that they are to be redirected to?
Thanks
that would go AT THE VERY TOP of your login.php page. the second one would go on the page that is displayed
after the user has successfully logged in. the second code says that if the user tries to access a page (where they have to be logged in to see) and they are not logged in, then redirect them to the login page.
When I do that, I get the following error:
Parse error: parse error, unexpected T_STRING in /home/content/l/a/s/lastdetailwd/html/login/login.php on line 9
any ideas?
Posted: Thu Jan 18, 2007 4:07 pm
by aaronhall
I'm going to guess that you pasted "if (login is valid)" directly into the script
Posted: Thu Jan 18, 2007 4:08 pm
by hhisc383
yes...i'm new to this php thing! what should go there?
Posted: Thu Jan 18, 2007 4:13 pm
by aaronhall
How do you currently check if the login is valid?
Posted: Thu Jan 18, 2007 4:15 pm
by hhisc383
feyd | Please use Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
Code: Select all
<?
session_start();
if (($_SESSION[user_name] != "") && ($_SESSION[password] != ""))
{
header("Location:$_SESSION[redirect]");
exit;
}
if(($lr_user != "") && ($lr_pass != ""))
{
header("Location:redirect.php");
exit;
}
header("Location:login.php");
?>
feyd | Please use Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
Posted: Thu Jan 18, 2007 4:22 pm
by aaronhall
As jcart already went over: If the login is valid, you would set a session variable that indicates that the user is logged in, as such:
Then in the page you want to protect, check if that variable is set to true using jcart's code.
If that is your authentication code, it appears that though your script authenticates the user as long as the username and password fields aren't empty. So, guessing the username and password wouldn't be very difficult.
Posted: Thu Jan 18, 2007 4:52 pm
by feyd
points of interest
- short tags
- quoted indices
- header redirection