Page 1 of 1
Checking to see if user is logged in before displaying page
Posted: Thu May 15, 2003 3:56 pm
by infolock
I have a user authentication script that i'm using, however, all it does is log them in. All the other pages are still just as easily viewed as they were before the script. Now, I DO understand why this is true. It's because I don't have a function call at the top of every page that calls to check for validation of user. What I want to do though ( and I have no idea how to do this ), is not allow a page to be displayed wihtout a successful login..
Can someone help me out? Thanks...

Posted: Thu May 15, 2003 4:30 pm
by oQEDo
You could use sessions
On a successful login create a session....
Code: Select all
<?php
if(isset($_POST['Password']) and $_POST['Password'] == 'password')
{
$_SESSION['Loggedin'] = True;
}
?>
Then at the top of every page put...
Code: Select all
<?php
if(!isset($_SESSION['password']))
{
Header("Location: login.php");
}
?>
..this will bounce them back to the login page if the session is not set.
RM
Posted: Thu May 15, 2003 6:49 pm
by infolock
sweeeeeeeeeeeeeeeeeeeeeet, thanks a lot
EDIT:::
<?php
if(isset($_POST['Password']) and $_POST['Password'] == 'password')
{
$_SESSION['Loggedin'] = True;
}
?>
Don't you mean
Code: Select all
if(isset($_POSTї'Username']) and $_POSTї'Password'] == 'password')
if so, cool. if not, why? thanks

Posted: Fri May 16, 2003 3:12 am
by oQEDo
infolock,
Sorry I was half asleep when I wrote this, it's morning now so I'll have another go!
Your question..
should it be..
if(isset($_POST['Username']) and $_POST['Password'] == 'password')
Well it really depends whether you are validating the username and password from a database where everybody has their own details.
If however there is only one username and password for the site then you really want two statements...
Code: Select all
<?php
if(isset($_POST['Username']) and $_POST['Username'] == 'username' && isset($_POST['Password']) and $_POST['Password'] == 'password')
{
$_SESSION['Loggedin'] = True;
}
else
{
Header("Location: login.php");
}
?>
This assumes that there is a hardcoded username called "username" and hardcoded password called "password" which it validates against.
I cocked this line up a bit though, on top of every page it should be...
Code: Select all
<?php
if(!isset($_SESSION['Loggedin'])) //not $_SESSION['password'] which I had!
{
Header("Location: login.php");
}
?>
If I am not making any sense just drop another post and I'll try again - its only 09:10 after all

Posted: Fri May 16, 2003 4:07 pm
by infolock
hey, thanks for the update

actually, the code i'm working with stores the username/passwords in a mysql database ( it's not hardcoded in ). If I could get an example using it this way, that would be great. Thanks again.
===================
Edit
===================
N/M bud, I just saw the sticky topic
Problem solved now, thanks for the input
