Checking to see if user is logged in before displaying page

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
infolock
DevNet Resident
Posts: 1708
Joined: Wed Sep 25, 2002 7:47 pm

Checking to see if user is logged in before displaying page

Post by infolock »

I have a user authentication script that i'm using, however, all it does is log them in. All the other pages are still just as easily viewed as they were before the script. Now, I DO understand why this is true. It's because I don't have a function call at the top of every page that calls to check for validation of user. What I want to do though ( and I have no idea how to do this ), is not allow a page to be displayed wihtout a successful login..

Can someone help me out? Thanks... 8O
User avatar
oQEDo
Forum Commoner
Posts: 43
Joined: Thu Feb 20, 2003 11:08 am
Location: UK

Post by oQEDo »

You could use sessions
On a successful login create a session....

Code: Select all

<?php
if(isset($_POST['Password']) and $_POST['Password'] == 'password')
{
   $_SESSION['Loggedin'] = True;
}
?>
Then at the top of every page put...

Code: Select all

<?php
if(!isset($_SESSION['password']))
{
   Header("Location: login.php"); 
}
?>
..this will bounce them back to the login page if the session is not set.

RM
User avatar
infolock
DevNet Resident
Posts: 1708
Joined: Wed Sep 25, 2002 7:47 pm

Post by infolock »

sweeeeeeeeeeeeeeeeeeeeeet, thanks a lot :twisted:



EDIT:::
<?php
if(isset($_POST['Password']) and $_POST['Password'] == 'password')
{
$_SESSION['Loggedin'] = True;
}
?>
Don't you mean

Code: Select all

if(isset($_POST&#1111;'Username']) and $_POST&#1111;'Password'] == 'password')

if so, cool. if not, why? thanks ;)
User avatar
oQEDo
Forum Commoner
Posts: 43
Joined: Thu Feb 20, 2003 11:08 am
Location: UK

Post by oQEDo »

infolock,
Sorry I was half asleep when I wrote this, it's morning now so I'll have another go!

Your question..
should it be..
if(isset($_POST['Username']) and $_POST['Password'] == 'password')
Well it really depends whether you are validating the username and password from a database where everybody has their own details.
If however there is only one username and password for the site then you really want two statements...

Code: Select all

<?php
if(isset($_POST['Username']) and $_POST['Username'] == 'username' && isset($_POST['Password']) and $_POST['Password'] == 'password') 
{ 
   $_SESSION['Loggedin'] = True; 
}
else
{
    Header("Location: login.php");
}
?>
This assumes that there is a hardcoded username called "username" and hardcoded password called "password" which it validates against.

I cocked this line up a bit though, on top of every page it should be...

Code: Select all

<?php
if(!isset($_SESSION['Loggedin']))  //not $_SESSION['password'] which I had!
{ 
   Header("Location: login.php"); 
} 
?>
If I am not making any sense just drop another post and I'll try again - its only 09:10 after all :?
User avatar
infolock
DevNet Resident
Posts: 1708
Joined: Wed Sep 25, 2002 7:47 pm

Post by infolock »

hey, thanks for the update ;) actually, the code i'm working with stores the username/passwords in a mysql database ( it's not hardcoded in ). If I could get an example using it this way, that would be great. Thanks again.



===================

Edit

===================


N/M bud, I just saw the sticky topic :oops:


Problem solved now, thanks for the input ;)
Post Reply