PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Moderator: General Moderators
sing2trees
Forum Newbie
Posts: 10 Joined: Thu Feb 12, 2009 4:25 pm
Post
by sing2trees » Thu Feb 12, 2009 4:28 pm
--------------------------------------------------------------------------------
Hi,
I have two sites running: a and b on the same domain.
Once logged in, I use the following script to ensure the person is logged in so they can access the content:
Code: Select all
<? session_start();if(!session_is_registered(myusername)){header("location:whoops.php");}?>
However if someone logs in to site a, they can access site b. And vice versa. How can I stop this?
Thanks in advance!
Ben
mbdigital
Forum Newbie
Posts: 21 Joined: Tue Feb 10, 2009 7:32 am
Location: NorthWest, England
Post
by mbdigital » Thu Feb 12, 2009 4:40 pm
Use different session names for each site. I.e. $_SESSION['A'] and $_SESSION['B']
sing2trees
Forum Newbie
Posts: 10 Joined: Thu Feb 12, 2009 4:25 pm
Post
by sing2trees » Thu Feb 12, 2009 4:45 pm
Thanks,
So would the script be the following:
Code: Select all
<? session['A']_start();if(!session_is_registered(myusername)){header("location:whoops.php");}?>
Thanks
Ben
jayshields
DevNet Resident
Posts: 1912 Joined: Mon Aug 22, 2005 12:11 pm
Location: Leeds/Manchester, England
Post
by jayshields » Thu Feb 12, 2009 5:04 pm
No, he's talking about myusername. You can't put array indices in the middle of function names.
sing2trees
Forum Newbie
Posts: 10 Joined: Thu Feb 12, 2009 4:25 pm
Post
by sing2trees » Fri Feb 13, 2009 3:39 am
Sorry to be a pain - could you post a sample of what the code would be like?
Thanks again
jayshields
DevNet Resident
Posts: 1912 Joined: Mon Aug 22, 2005 12:11 pm
Location: Leeds/Manchester, England
Post
by jayshields » Fri Feb 13, 2009 4:22 am
Website one:
Code: Select all
<? session_start();if(!session_is_registered('usernameA')){header("location:whoops.php");}?>
Website two:
Code: Select all
<? session_start();if(!session_is_registered('usernameB')){header("location:whoops.php");}?>
Then change every reference to $_SESSION['username'] on website one to $_SESSION['usernameA'] and website two to $_SESSION['usernameB'].
You really shouldn't be using session_is_registered() or short tags though. You should also be including an absolute URL in your header call. This is better:
Code: Select all
<?php
session_start();
if(!isset($_SESSION['usernameA']))
{
header("location: http://www.yourwebsite.com/whoops.php");
}
?>
sing2trees
Forum Newbie
Posts: 10 Joined: Thu Feb 12, 2009 4:25 pm
Post
by sing2trees » Fri Feb 13, 2009 8:21 am
Many many thanks for that!!!
sing2trees
Forum Newbie
Posts: 10 Joined: Thu Feb 12, 2009 4:25 pm
Post
by sing2trees » Fri Feb 13, 2009 10:52 am
Sorry to be a pain - having some problems!
I have the login page which checks the login details when submitted. I have added 'A' for site A to this:
Code: Select all
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusernameA");
session_register("mypassword");
header("location:login_success.php");
Login_success.php is this to redirect the user to the index page:
Code: Select all
<?php
session_start();
if(!isset($_SESSION['usernameA']))
{
header("location: http://www.mysite.com/whoops.php");
}
?>
<?php
header( 'Location: http://www.mysite.com/index2.php' ) ;
?>
And index2.php has this as the header:
Code: Select all
<?php
session_start();
if(!isset($_SESSION['usernameA']))
{
header("location: http://www.mysite.com/whoops.php");
}
?>
However when ever I login, it just keeps pushing me back to whoops.php, even tho the login details are correct. Do you know what I am doing wrong?
Thanks again
Ben