Session / Login Issue
Posted: Tue Dec 30, 2008 3:19 am
Hello guys and gals,
I hope you all had a merry Christmas and are looking forward to a stern new year of beer.
Unfortunately for me I am stuck at work until tomorrow and I am working through a more complex login system at the moment. I have made the login page and all associated pages (password forgotten, admin pages etc. etc.). What I want to do now is protect the pages that are for members only.
I have the sessions.php stored as a separate PHP file that is included in the login page etc. However, once the user logs in and the session starts, what PHP code could I use to protect my pages? Any input is appreciated (especially from papa, he is my hero).
This is the code for the login page. If you need to see any additional code for other pages please let me know. (Sorry to include all the HTML in this paste, I have highlighted the PHP for easy reading.)
I know that I will need to run a session check; I am just totally unsure of the coding for this. I want it to be as effective and secure as possible, to be honest.
<?php include("include/session.php"); ?>
<html>
<title>Login</title>
<!-- Meta Information -->
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="Content-Language" content="en-GB">
<meta name="author" content="Yanayaya">
<meta name="generator" content="Dreamweaver CS3">
<meta name="copyright" content="Copyright 2008">
<meta name="description" content="">
<meta name="keywords" content="">
<!-- End of Meta Information -->
<!-- Begin CSS -->
<link href="vacancy_style.css" rel="stylesheet" type="text/css">
<!-- End CSS -->
<body>
<table align="center" cellpadding="5" cellspacing="5">
<tr><td width="305">Login Panel
<?php
//If the user is logged in, show the account panel.
if($session->logged_in){
echo '
<table width="311" border="0" align="center" cellpadding="5" cellspacing="5" bgcolor="#fafafa" class="tblb">
<tr>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td colspan="3"><p>Welcome <b>'.htmlspecialchars($session->username, ENT_QUOTES, 'ISO-8859-1').'</b>, you are logged in.</p></td>
</tr>
<tr>
<td colspan="3"><p>At last here is some bunf info, you can expand this allan, I know you can!</p></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td><p class="footertext">[<a class="one" href="userinfo.php?user='.urlencode($session->username).'">My Account</a>]</p></td>
<td><p class="footertext">[<a class="one" href="useredit.php">Edit Account</a>]</p></td>
<td><p class="footertext">[<a class="one" href="process.php">Logout</a>]</p></td>
</tr>
<tr>
<td colspan="3">
</td>
</tr>
<tr>
<td colspan="3"> </td>
</tr>
</table>';
//If user is an admin include an admin link.
if($session->isAdmin()){
echo '<p class="footertext">[<a class="one" href="admin/admin.php">Admin Center</a>]</p>'; }
}
else{
?>
<form action="process.php" method="POST">
<table width="311" border="0" cellpadding="5" cellspacing="5" bgcolor="#fafafa" class="tblb">
<tr>
<td width="69"><p class="formfont">Username:</p></td>
<td width="205"><input name="user" type="text" class="box" value="<?php echo htmlspecialchars($form->value("user"), ENT_QUOTES, 'ISO-8859-1'); ?>" maxlength="30"></td>
</tr>
<tr>
<td><p class="formfont">Password:</p></td>
<td><input name="pass" type="password" class="box" value="<?php echo htmlspecialchars($form->value("pass"), ENT_QUOTES, 'ISO-8859-1'); ?>" maxlength="30"></td>
</tr>
<tr>
<td><div align="right">
<input type="checkbox" name="remember" <?php if($form->value("remember") != ""){ echo "checked"; } ?>>
</div></td>
<td><p>Remember me next time<input type="hidden" name="sublogin" value="1"></p></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" value="Login"><input type="submit" name="reset" id="reset" value="Reset">
</td>
</tr>
<tr>
<td> </td>
<td><p class="footertext"><a href="forgotpass.php">Forgot Password?</a></p></td>
</tr>
<tr>
<td> </td>
<td><p class="footertext">Not registered? <a href="register.php">Sign-Up!</a></p></td>
</tr>
<tr>
<td colspan="2">
<p align="left" class="footertext">
<!-- Footer Note - User Information -->
<?php }
//Footer note that displays members that are online information
echo '<br><p class="footertext"><b>Member Total:</b>'.$database->getNumMembers().'<br></p>';
echo '<p class="footertext">There are '.$database->num_active_users.' registered members<br>';
echo ''.$database->num_active_guests.' guests viewing the site.<br>';
include("include/view_active.php"); ?></p>
</td>
</tr>
</table>
</form>
<!-- End Login Form -->
</td>
</tr>
<tr>
<td><p class="footertext"><?php
//If errors were found, show the errors.
if($form->num_errors > 0){ echo $form->num_errors." error(s) found in Login Credentials<br><b>Username</b> / <b>Password</b> Incorrect"; } ?></p></td>
</tr>
</table>
</body>
</html>
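
The session check asked about above can live in one guard file that every members-only page loads first. This is an added example, not part of the original post; it assumes `include/session.php` provides `$session` with `logged_in` and `isAdmin()` as used in the login page, and the names `guard.php`, `require_login()` and `/login.php` are hypothetical.

```php
<?php
// include/guard.php (hypothetical file name; added example, not the poster's code).
// Assumes include/session.php starts the PHP session and creates $session with
// ->logged_in and ->isAdmin(), as the login page above uses them.
// A protected page loads only this file, not session.php a second time.
require_once __DIR__ . '/session.php';

/**
 * Stop the request unless the visitor is logged in (and an admin when
 * $adminOnly is true). Must be called before any HTML is sent, otherwise
 * the redirect header cannot be emitted.
 *
 * $loginUrl is an assumed path; the post does not name the login page file.
 */
function require_login($session, $adminOnly = false, $loginUrl = '/login.php')
{
    // Member content should not be stored by proxies or the browser cache,
    // so it cannot be re-read with the back button after logout.
    header('Cache-Control: no-store, private');

    // empty() also covers a missing $session object: the check fails closed.
    if (empty($session->logged_in)) {
        header('Location: ' . $loginUrl, true, 302);
        exit; // without exit, the rest of the protected page would still run
    }

    // Logged in but not authorised for an admin page: refuse, do not redirect.
    if ($adminOnly && !$session->isAdmin()) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// First lines of a members-only page such as useredit.php:
//   require_once 'include/guard.php';
//   require_login($session);
//
// First lines of admin/admin.php:
//   require_once '../include/guard.php';
//   require_login($session, true);
```

The check has to run in every protected script, including the ones that only process form posts, because hiding the "Admin Center" link on the login page does not stop a direct request to `admin/admin.php`.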