...

View Full Version : restricting access



runnerjp
05-09-2008, 06:19 PM
at the moment i use this to restirct only let logged on people to view the page

<?php if($logged[username])
{
//Logged in code
}else
{
//Not logged in code
} ?>

but i was wondering if there was a better way of doing this?

TheShaner
05-09-2008, 07:22 PM
For my sites, I use sessions and at the top of each page, I first do the normal session_start() and then:

if(!isset($_SESSION['user'])) header("Location: http://mysite.com/login.php?err=login");
This just redirects the user to the login page if they're not logged in and the login page catches the error that they're not logged in, thus displaying a message like "You must be logged in". This method prevents having to if/else every page. You could even just put this session info into a separate PHP page and make it required at the top of every page that needs a login.

-Shane

runnerjp
05-09-2008, 07:29 PM
humm ok so what woul my session_user be??

at the moment i have set it so when a user logs in there login session are set liek so


//sets the logged session
$_SESSION['id'] = "$user[id]";
$_SESSION['password'] = "$user[password]";

TheShaner
05-09-2008, 07:36 PM
Substitute my $_SESSION['user'] for your $_SESSION['id'].

On a side note, it's not wise to store a password in a session, or really anywhere but your DB for that matter. It's more secure to always make passwords non-retrievable. If a user needs their password, like an email validation script, you should send them an email with a link to create a new password.

-Shane

runnerjp
05-09-2008, 07:49 PM
ok i tried it but it redirects me to my error page if im logged in or not :S


<?php if(!isset($_SESSION['id'])) header("Location: http://www.runningprofiles.com/error.php");?><?php
session_start();
require_once '../config.php';


include ("../header.php");
?>
<style type="text/css">
<!--
body {
margin-left: 1px;
margin-top: 1px;
margin-right: 1px;
margin-bottom: 1px;
}
-->
</style>

<table width="100&#37;" cellpadding="0" bgcolor="#FFFFFF" colspan='0'>
<tr>
<td width="11%" height="505" align="left" valign="top"><table width="100%" height="505" align="left" cellpadding="0" bgcolor="#D6E0E0">
<tr>
<td width="9%" height="58" colspan="2" align="center" valign="top" bgcolor="#D6E0E0"><p>Menu</p>
<p><a href="index.php?page=update"><img src="http://www.runningprofiles.com/images/editprofile.jpg" alt="editprofile" border="0" /></a></p>
<p><? //if($id == 1){ echo "<a href=\"admin/index.php\">Admin Index</a>\n";}?></p> </td>
</tr>
<tr>
<td height="361" colspan="2" align="center" valign="top" bgcolor="#D6E0E0"><p><a href="http://www.runningprofiles.com/logout.php">Logout</a> </p>
<p><a href="http://www.runningprofiles.com/members">Home</p></td>
</tr>
</table></td>
<td width="80%" align="left" valign="top">
<? $page = $_GET['page'];
if (ereg('[A-Za-z0-9]',$page) ) {
if (file_exists('include/'.$page.'.php')) {
include('include/'.$page.'.php');
} else {
include('include/main.php');
}
} else {
include('include/main.php');
}?></td>
<td width="9%" align="center" valign="top" bgcolor="#D6E0E0"> online</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
<?php

ob_end_flush();

?>

TheShaner
05-09-2008, 07:56 PM
ok i tried it but it redirects me to my error page if im logged in or not :S


<?php if(!isset($_SESSION['id'])) header("Location: http://www.runningprofiles.com/error.php");?><?php
session_start();
...


session_start(); should always be the first line of your page.
It's redirecting you to your error page because that's what you set in your header. You put http://www.runningprofiles.com/error.php as the redirect address. Instead, redirect to your login.


If your page is supposed to display alternate data rather than redirect, you should use what you were doing before:

if(isset($_SESSION['id']))
{
// Logged in users see this
}
else
{
// Not logged in users see this
}
-Shane



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum