So certain pages are only available if you log in, but if you enter the URL of the page you can see it without logging in.
I know I can solve this problem by adding this code:
if (!isset($_SESSION['signed_in']))
{
    // the user is not signed in
    echo 'Sorry, you have to be <a href="/musicwebsite/signin.php">signed in</a> to view this page.';
}
else
{
    // rest of code
}
Is there any way to solve this, or will I have to convert all HTML code to PHP?
Here is an example of a page with PHP and HTML:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252" />
<title>Products</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<div id="main_container">
<div id="header">
<div class="logo">
<a href="index.php"><img src="images/logo.gif" alt="" title="" border="0" /></a>
</div>
</div>
<?php
@$db = new mysqli( 'localhost', 'root', "", 'k00127082');
if (mysqli_connect_errno()) {
echo 'error connecting to db';
exit;
}
$query = "SELECT * from products";
$result = $db->query($query);
$num_results = $result->num_rows;
//echo 'Number of products found : <strong>' . $num_results . '</strong><br><br>';
?>
<div id="userbar">
<?php
include 'userbar.php';
?>
</div>
<div id="main_content">
<div class="center_content">
<div id="menu_tab">
<ul class="menu">
<li><a href="index.php" class="nav"> home </a></li>
<?php
if(isset($_SESSION['signed_in']) == true && $_SESSION['userLevel'] == 0)
{
echo "<a class=\"nav\" href=\"/musicwebsite/about.php\">about us</a>
<a class=\"nav_selected\" href=\"/musicwebsite/products.php\">products</a>
<a class=\"nav\" href=\"/musicwebsite/contact.php\">contact us</a>";
}
if(isset($_SESSION['signed_in']) == true && $_SESSION['userLevel'] == 1)
{
echo "<a class=\"nav\" href=\"/musicwebsite/about.php\">about us</a>
<a class=\"nav_selected\" href=\"/musicwebsite/products.php\">products</a>
<a class=\"nav\" href=\"/musicwebsite/contact.php\">contact us</a>
<a class=\"nav\" href=\"/musicwebsite/managesite.php\">manage site</a> ";
}
?>
</ul>
</div>
<div class="categories_products">
<div class="title">
<p><img src="images/title_products.gif" alt="" title="" />
<form action ='search.php' method='post'>
Search for product:<input type ="text" name="term" />
price:<select name="secondterm" id="secondterm">
<option value="100">1-200</option>
<option value="300">200-400</option>
<option value="700">500-800</option>
<option value="900">800-1000</option>
<option value="1000">1000-2000</option>
</select>
<input type="submit" name="submit" value="Search" />
</form>
<div class="prod_box">
<div class="prod_details">
<table width="650" border="2">
<tr>
<!-- <th>Product Number</th> -->
<th>Product Description</th>
<!-- <th>Quantity On Hand</th> -->
<th>Price</th>
<th>Image</th>
<?php
if(isset($_SESSION['signed_in']) == true && $_SESSION['userLevel'] == 1)
{
echo "
<th>UPDATE</th>
<th>DELETE</th> ";
}
?>
</tr>
<?php
for ($i=0; $i < $num_results; $i++)
{
    $row = $result->fetch_object();
    // URL-encode the id before placing it in a query string
    $propID = rawurlencode($row->id);
    $product_name = $row->product_name;
    // Escape database values before printing them into HTML
    // (the page declares charset windows-1252)
    $product_description = htmlspecialchars($row->product_description, ENT_QUOTES, 'Windows-1252');
    $quantity_on_hand = $row->quantity_on_hand;
    $price = $row->price;
    $image = htmlspecialchars($row->image, ENT_QUOTES, 'Windows-1252');
    $formattedPrice = number_format($price, 2, '.', ',');
    echo '<tr>';
    echo "<td>$product_description</td>";
    echo "<td>€$formattedPrice</td>";
    echo "<td><a href='datadrilldown.php?propID=$propID'><img src='images/$image'/></a></td>";
    if(isset($_SESSION['signed_in']) == true && $_SESSION['userLevel'] == 1)
    {
        echo "<td><a href='updateform.php?propID=$propID'>Update Product</a></td>";
        echo "<td><a href='deleteform.php?propID=$propID'>Delete Product</a></td>";
    }
    // close the row for every user, not only for userLevel 1
    echo '</tr>';
}
echo '</table>';
//$result->free();
$db->close();
?>
</div>
</div>
<div class="clear"></div>
</div>
</div>
</div>
<div id="footer">
<div class="left_footer"><img src="images/footer_logo.gif" alt="" title="" /></div>
<div class="right_footer"><a href="http://csscreme.com/freecsstemplates/" title="free css templates"><img src="images/csscreme.gif" alt="free css templates" border="0" /></a></div>
</div>
</div>
</body>
</html>
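An added example, not part of the original post: one way to put the sign-in check in a single include that every protected page calls before it sends any output. The file name `auth_guard.php` and the functions `access_decision()` and `require_login()` are hypothetical; the session keys and the sign-in URL are the ones used in the post, and it assumes `userLevel` 1 is the higher privilege, as the "manage site" link suggests.

```php
<?php
// auth_guard.php (hypothetical file name): include at the very top of every
// protected page, before any HTML is sent, e.g.
//   require __DIR__ . '/auth_guard.php';
//   require_login();      // any signed-in user
//   require_login(1);     // userLevel 1 only (assumed to be the admin level)

// Pure decision function so the access rule lives in one place.
function access_decision(array $session, int $minLevel = 0): string
{
    // Require the flag to be set AND truthy, not merely present.
    if (empty($session['signed_in'])) {
        return 'login';
    }
    $level = (int) ($session['userLevel'] ?? 0);
    return $level >= $minLevel ? 'allow' : 'forbidden';
}

function require_login(int $minLevel = 0): void
{
    // Start the session only if the page has not already done so.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    switch (access_decision($_SESSION, $minLevel)) {
        case 'allow':
            return; // the page continues rendering
        case 'login':
            header('Location: /musicwebsite/signin.php', true, 302);
            exit;   // stop here so nothing below the guard is sent
        default:
            http_response_code(403);
            exit('You do not have permission to view this page.');
    }
}
```

A file the web server delivers as static `.html` never executes this guard, so a protected page has to be handled by PHP for the check to run. Hiding the update and delete links by `userLevel` does not protect `updateform.php` or `deleteform.php` themselves; each of those pages needs its own `require_login(1)` call.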