Login Session help

PRodgers4284

02-17-2008, 12:33 PM

I need a way of stoping a user on my website from accessing protected pages if they are not logged in, can anyone help? Im using the following code at the start of each page.

<?php
session_start();
include("database.php");
include("loginemployer.php");
?>

bazz

02-17-2008, 12:36 PM

you will need to add a few lines to the top of your script which check for a session. if it exists, go to the page. if not, redirect to login. I don't know the code, coz I use perl but, try googling for 'php sessions tutorials'.

bazz

PRodgers4284

02-17-2008, 12:37 PM

PRodgers4284

02-17-2008, 02:22 PM

Ive tried the code below but it doesnt same to work, not sure if im using the redirect header correctly

if (!SESSION_username) {
Header("Location: index2.php");
}

rafiki

02-17-2008, 02:47 PM

if(!isset($_SESSION['username'])){
header("Location: /Login.php");
}
try this?

PRodgers4284

02-17-2008, 02:51 PM

if(!isset($_SESSION['username'])){
header("Location: /Login.php");
}
try this?

Got it working there thanks

used this

if( empty($_SESSION['username']) )
{
header("location: index2.php");
}

bazz

02-17-2008, 06:12 PM

Well as you have seen. there are three session states,

exists,
empty
doesn't exist

You need to consider which states you need to check for. I think normally scripts check for 'isset' which looks for both empty and not empty sessions. remember just because session is empty doesn't mean it isn't set and so, a user can be logged in already but with an empty session. better to check for isset.

bazz

PRodgers4284

02-17-2008, 06:15 PM