Members Area
Hi there all !
I got a website that users log into , i have made the pages that are displayed before log in , and have the pages all set up also for after they log in!
the problem is that if you have the path http://www.mysite.com/members/signedin for example, you can get to it by just typing this link , even if you are logged in or out!
How do i get it to display a page to log in if someone just types this link ? i guess what i need is the ability to check each person who gets to these pages if they are logged in or not?
does this make any sense ! lol
Thank you ,
Elaine
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Typically you would save one or more values in the session when they have successfully logged-in. Then on each "members" page you would check to see if the right values were set in the session before displaying the page. If the values were not found or not right the page would redirect to the log-in page.
(#10850)
i guess an easy way to do this would be with a check_login() function,
this assumes that when you log your users in you set $_SESSION['logged_in'] = true;
Code: Select all
<?php
// Assumes session_start() has already been called on this request.
function check_login()
{
    // !empty() avoids an undefined-index notice when the key was never set
    if (!empty($_SESSION['logged_in']))
        return;
    else
        die('Sorry, you have to be logged in to access this page. <a href="your_login_url">click here to login</a>');
}
?>
the top of your restricted pages would then typically look like this
Code: Select all
<?php
include ('file_with_check_login_function_in_it.php');
check_login();
// your code
// ...
?>
where do i place the function check_login() ?
and i do not have it set as you stated : $_SESSION['logged_in'] = true;
should i just add that into my checkuser.php file i have that verifies the users when they log in ?
and do i change the logged_in to username? which is what we basically go by on the site?
Elaine
I normally create 2 files for all my pages. A config.php and a common.php. Between the 2 they have db credentials and commonly used functions that can be called from any page. So you would put the check login function in your common.php file per se. Include config.php and common.php for all pages that you create on line #1 and #2. You can even initialize the session and define session variables from within common.php that way if you need to do headers or anything you can be sure that there has not been any output. As far as logging in the user. I normally pull a unique identification number from the db that was assigned to the user upon signup. I assign that to $_SESSION['uid'] and go from there. That way you can check logged in with something like this.
In addition to being able to see if the user is logged in, you can also identify the user in your database and pull information from the data that is specific to the logged in user. All this in one swoop.
There are limitless possibilities.
Hope this helped!
Code: Select all
<?php
// Assumes session_start() has already been called on this request.
function check_login(){
    // PHP variable names are case-sensitive: the superglobal is $_SESSION
    if (!empty($_SESSION['uid']))
        return;
    else
        die("sorry, please login.");
}
?>
ok here it is ,
i got a checkuser.php
now when my users log in , they get the members area, which is good, but so can everyone else on the net if they have the path ! but i cant seem to get it right , i have this so far , which i think i need to put on each individual page? unless i make one main file pointing to the one file !
i really apologize to everyone who is getting frustrated with me !
but once i get it , i will never forget ! ehhehehe
thanks again,
Elaine
Code: Select all
<?php error_reporting(E_ALL);
/* Check User Script */
session_start(); // Start Session
include 'db.php';
$msg = "You could not be logged in! Either the username and password do not match or you have not validated your membership! Please Try again!";
$msga = "Please enter ALL the information!";
// Convert to simple variables
$username = $_POST['username'];
$password = $_POST['password'];
if((!$username) || (!$password)){
echo "<script language=\"javascript\">alert(\"".$msga."\");</script>";
include 'login.php';
exit();
}
// Convert password to md5 hash
$password = md5($password);
// check if the user info validates the db
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1'");
$login_check = mysql_num_rows($sql);
if($login_check > 0){
while($row = mysql_fetch_array($sql)){
foreach( $row AS $key => $val ){
$$key = stripslashes( $val );
}
// Register some session variables!
session_register('first_name');
$_SESSION['first_name'] = $first_name;
session_register('last_name');
$_SESSION['last_name'] = $last_name;
session_register('email_address');
$_SESSION['email_address'] = $email_address;
session_register('special_user');
$_SESSION['user_level'] = $user_level;
mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");
header("Location: members/login_success.php");
}
} else {
echo "<script language=\"javascript\">alert(\"".$msg."\");</script>";
include 'login.php';
}
?>
Code: Select all
<?php include 'headermem.php';
$msga = "Please Log in! Thank you !";
if(isset($_SESSION['username'])) {
return;
}
else {
echo "<script language=\"javascript\">alert(\"".$msga."\");</script>";
include '../login.php';
exit();
}
include 'footermem.php';
?>
- nickvd
- DevNet Resident
- Posts: 1027
- Joined: Thu Mar 10, 2005 5:27 pm
- Location: Southern Ontario
I'd suggest buying a more recent book on php, there are security vulnerabilities in your code.
SQL Injection:
Code: Select all
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1'");
ok well i have no clue on these things , i needed code to get users to log in and register, i found a full code that had all the stuff i needed, i used that ,
do you have another suggestion for a membership log in tutorial? that would be less of a vulnerability?
when you put that there and say it is a risk , i do not see what you see , you have a little more experience than i do, i have only been doing this for like 2 months if!
but one day when im all growed up i probably will see it , but for now , if you can help it would be appreciated ?
Thank you
Elaine
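What nickvd is pointing at, as an added example that is not part of the original thread: the posted query pastes `$username` and `$password` straight into the SQL string, so a quote character typed into the login form becomes part of the statement. The code below binds the input as parameters with PDO in place of `mysql_query()`, swaps `md5()` for `password_hash()`/`password_verify()`, and stores one session key for the members-page guard to check. The in-memory SQLite database, the sample user, `/login.php` and the function names are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// posted checkuser.php; the in-memory SQLite database and user are constructed.
declare(strict_types=1);

function verify_login(PDO $db, string $username, string $password): ?int
{
    // Placeholders keep form input out of the SQL text, so a quote in the
    // username is treated as data and cannot change the statement.
    $stmt = $db->prepare(
        'SELECT userid, password FROM users WHERE username = ? AND activated = 1'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() checks a salted password_hash() value (replaces md5()).
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return (int) $row['userid'];
}

function on_login_success(int $uid): void
{
    session_regenerate_id(true);  // call after session_start(): fresh id on login
    $_SESSION['uid'] = $uid;      // the single key every members page checks
}

function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['uid'])) {
        header('Location: /login.php');  // assumed login URL
        exit;                            // stop before any member content is sent
    }
}

// Constructed demo data; run from the command line with: php example.php
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT,
           password TEXT, activated INTEGER)');
$ins = $db->prepare('INSERT INTO users (username, password, activated) VALUES (?, ?, 1)');
$ins->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT)]);

var_dump(verify_login($db, "o'brien", 'correct horse')); // valid login
var_dump(verify_login($db, "o'brien", 'wrong'));         // wrong password
var_dump(verify_login($db, 'nobody', 'correct horse'));  // unknown user
```

In the files posted above, the members page tests `$_SESSION['username']`, a key that `checkuser.php` never sets; the guard has to test a key the login script actually writes.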