Re: secring multiple pages
Posted: Tue Jan 25, 2011 10:53 am
http://www.google.co.za/search?hl=af&q= ... php+notice
Have a look at this url. Hth
Have a look at this url. Hth
A community of PHP developers offering assistance, advice, discussion, and friendship.
http://forums.devnetwork.net/
social_experiment wrote:Yes that is refered to as an 'auth' page (unofficialy probably). You set some session variables when you login and then the 'auth' page checks if these values are set each time a 'protected' page is accessed. If the conditions are not met, the user is probably NOT logged in and trying to access the pages incorrectly, and invalidly and they are redirected to a page of your choice.HthCode: Select all
<?php session_start(); if ( !isset($_SESSION['member_id']) || trim($_SESSION['member_id'] == '') || !isset($_SESSION['member_name']) ) { unset($_SESSION['member_id']); unset($_SESSION['member_name']); header("location: somepage.php"); session_destroy(); exit(); } ?>
Code: Select all
<?php
session_start();
if (!isset($_SESSION['your_variable'])) {
header('location: login_page.php');
exit();
}
?>Code: Select all
<?php include_once('auth.php'); ?>Code: Select all
<?php $_SESSION['lia'] = "$username"; ?>Code: Select all
social_experiment wrote:Thank you for your support.The code that you have on the other pages (home, etc) should be inside the 'auth' page. The reason for this is that you include this page so you don't have to write your check at the top of each page.Whitout this the page still redirects into the auth page. The only problem is after the login using the auth.php, still it redirects to the login.php even if i click another page which is inside the home page. I am running out of thoughts.Code: Select all
<?php include_once('auth.php'); ?>![]()
Regards
Shehan31
session_start();
if (!isset($_SESSION['your_variable'])) {
header('location: login_page.php');
exit();
}
?>[/syntax]
This is an example of the auth page. You then include it on all your other pagesCode: Select all
<?php include_once('auth.php'); ?>Setting of session variables should be done when authentication is completed.Code: Select all
<?php $_SESSION['lia'] = "$username"; ?>
Code: Select all
$username = $_POST['username'];
$password = $_POST['password'];
$sql = mysql_query("SELECT * FROM login WHERE user='$username' AND password='$password'")or die (" error with table");social_experiment wrote:Yes, mysql_real_escape_string() should always be used when accepting user input into a SQL query.