Can someone help me out? Thanks...
Checking to see if user is logged in before displaying page
Moderator: General Moderators
Checking to see if user is logged in before displaying page
I have a user authentication script that i'm using, however, all it does is log them in. All the other pages are still just as easily viewed as they were before the script. Now, I DO understand why this is true. It's because I don't have a function call at the top of every page that calls to check for validation of user. What I want to do though ( and I have no idea how to do this ), is not allow a page to be displayed wihtout a successful login..
Can someone help me out? Thanks...
Can someone help me out? Thanks...
You could use sessions
On a successful login create a session....
Then at the top of every page put...
..this will bounce them back to the login page if the session is not set.
RM
On a successful login create a session....
Code: Select all
<?php
if(isset($_POST['Password']) and $_POST['Password'] == 'password')
{
$_SESSION['Loggedin'] = True;
}
?>Code: Select all
<?php
if(!isset($_SESSION['password']))
{
Header("Location: login.php");
}
?>RM
sweeeeeeeeeeeeeeeeeeeeeet, thanks a lot 
EDIT:::
if so, cool. if not, why? thanks
EDIT:::
Don't you mean<?php
if(isset($_POST['Password']) and $_POST['Password'] == 'password')
{
$_SESSION['Loggedin'] = True;
}
?>
Code: Select all
if(isset($_POSTї'Username']) and $_POSTї'Password'] == 'password')if so, cool. if not, why? thanks
infolock,
Sorry I was half asleep when I wrote this, it's morning now so I'll have another go!
Your question..
If however there is only one username and password for the site then you really want two statements...
This assumes that there is a hardcoded username called "username" and hardcoded password called "password" which it validates against.
I cocked this line up a bit though, on top of every page it should be...
If I am not making any sense just drop another post and I'll try again - its only 09:10 after all 
Sorry I was half asleep when I wrote this, it's morning now so I'll have another go!
Your question..
Well it really depends whether you are validating the username and password from a database where everybody has their own details.should it be..
if(isset($_POST['Username']) and $_POST['Password'] == 'password')
If however there is only one username and password for the site then you really want two statements...
Code: Select all
<?php
if(isset($_POST['Username']) and $_POST['Username'] == 'username' && isset($_POST['Password']) and $_POST['Password'] == 'password')
{
$_SESSION['Loggedin'] = True;
}
else
{
Header("Location: login.php");
}
?>I cocked this line up a bit though, on top of every page it should be...
Code: Select all
<?php
if(!isset($_SESSION['Loggedin'])) //not $_SESSION['password'] which I had!
{
Header("Location: login.php");
}
?>hey, thanks for the update
actually, the code i'm working with stores the username/passwords in a mysql database ( it's not hardcoded in ). If I could get an example using it this way, that would be great. Thanks again.
===================
Edit
===================
N/M bud, I just saw the sticky topic
Problem solved now, thanks for the input
===================
Edit
===================
N/M bud, I just saw the sticky topic
Problem solved now, thanks for the input