...

View Full Version : Stopping Just Anyone From Viewing Pages



tomyknoker
03-13-2007, 08:55 PM
Hi all,

Ok well I set up a username/password scenario and was able to get it to work and the add the header to the main.php page, which loaded if the user/pass is correct. But then I realised I can access any of the pages just by typing in the link directly... What do I need to add, so that if people link to the page they need to login first...???

aedrin
03-13-2007, 09:02 PM
If you're using Apache you can set up an .htaccess file, or setup a check in a .php file and include that in each file, depending on your situation.

mlseim
03-13-2007, 09:12 PM
Tomy ...

Coincidently, I just saw this on another forum:

=========================================

Simple use of sessions ...

1)
Your user inputs a username and password on a form,
which calls a PHP script named "login.php"

2)
That "login.php" script looks something like this:



<?php
session_start();

//variables from your HTML log-in form.
$pass = $_POST['pass'];
$name = $_POST['name'];

//this part, you check your database for the correct password ...
//not sure how you do that, but if the variables $pass and $name
//match your database, then register the session with a $userid, or
//something from your database that identifies the user.

if($pass === "the correct password"){
session_register(user);
$user = $userid;
$flag = 1;
}
else{
$flag = 0;
}

//this part can goto an admin page or do something if
//the user is logged-in. Otherwise, it can return back to
//your HTML form with or without an error message ...
//however you want to do that.

if($flag==1){
header ("location: admin.php");
}
else{
$mess="<h2>Sorry, we cannot find that member ...</h2>";
header ("location: myform.php?mess=$mess");
}
?>



Now, on every other PHP page you have, you start with this.
It checks the user session to see if $user has been set (they are logged-in).
It can drop through (do nothing) and display the page, or it will see that
the user is not logged-in and return back to the main page ...



<?php
session_start();
if(session_is_registered("user")){
//do nothing
}
else{
header ("location: index.php");
}

the rest of your page here

?>



To log-out, the user closes their browser or this script is executed:



<?php
if(session_start()){
session_destroy();}
header ("location: index.php");
?>

Nightfire
03-13-2007, 09:43 PM
The example above should use



$_SESSION['user'] = true;

and


if(isset($_SESSION['user'])){
instead of


session_register(user);

and


if(session_is_registered("user")){

as it is depreciated

mlseim
03-13-2007, 11:29 PM
Nightfire ....

Thanks .... I see those things (and do them myself) all the time.
I guess I'm lazy not to use current scripting. For those reading
this that are beginning PHP, start developing good habits.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum