Password script ..how to protect pages?
Posted: Thu Jan 19, 2006 2:07 pm
feyd | Please use
This is what the form calls to activate.
So what "exactly" do my protected pages need in terms of PHP to only allow
logged in viewers access?
I would appreciate any help.
Thanks
THX1138
feyd | Please use
Code: Select all
andCode: Select all
tags where appropriate when posting code. Read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]
OK.. I am not a PHP coder but more like a generic guy who can make web pages and "Play" with codes.
I have used a tutorial to make a simple passsword login form to allow users into a different part of a
website. However, the tutorial does not show how to actually "Protect" the pages that you want secure...
Lame I know...
Here is the code for the login ( it all works and I already have the database set up as well )Code: Select all
<?php require_once('Connections/herewego.php'); ?>
<?php
// *** Validate request to login to this site.
session_start();
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_register('PrevUrl');
}
if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "dldmain/dldmain.php";
$MM_redirectLoginFailed = "invalid.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_herewego, $herewego);
$LoginRS__query=sprintf("SELECT user, user FROM test WHERE user='%s' AND user='%s'",
get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));
$LoginRS = mysql_query($LoginRS__query, $herewego) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";
//declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;
//register the session variables
session_register("MM_Username");
session_register("MM_UserGroup");
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>
HTML stuff goes here....This is what the form calls to activate.
Code: Select all
<form name='form1' id='login' method='post' action="<?php echo $loginFormAction; ?>">So what "exactly" do my protected pages need in terms of PHP to only allow
logged in viewers access?
I would appreciate any help.
Thanks
THX1138
feyd | Please use
Code: Select all
andCode: Select all
tags where appropriate when posting code. Read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]