06-22-2002, 09:07 PM
I'm making a site where members can log on to certain pages. They must first enter their membernumber and password (which is stored in a mysql database) in a html-form to get acces to these pages. They then get redirected to the pages which is only available to members. The problem is that if someone types the url which the members get redirected to directly into the browser, he can access the member-pages too. How can I check if someone that is using the member-pages has logged in?
I've tried a database lookup on membernumber and password on each page the members enters. The problem is that i'm "loosing" theese values if the member clicks on a link to a different page. Any ideas a appreciated.
06-22-2002, 10:07 PM
ah the wonder of sessions! sesions variables are kept in a folder called sessions on the server and are user to keep track of variables when a user is in your site. they are destoyed when the user quts his browser.
put this code at the end of the login script, just before the script redircts the user to your page
//please correct me here guy, i alwasys screw somethin up
$logged = 1; // meaning yes of course
then put this at the beggining of every page you want to protect (or save it in a sepeate and use "require('check.php');" )
if (isset $_SESSION['logged'] && $_SESSION['logged'] ==1)
hope that helps
06-22-2002, 10:29 PM
thanks for the tip :)
but I get a parserror on the part:
i get no parseerror if I remove the '==1' like this:
06-22-2002, 10:34 PM
ok it worked like this:
if (isset($_SESSION['logged']) && (isset($_SESSION['logged'])==1))
06-22-2002, 10:41 PM
oh yeah. i always screw up my code with these things :p as you can see sessions are very usefull and a tip to everybody is get the PHP manual in chm format (help file made with html).
06-22-2002, 11:28 PM
06-23-2002, 11:32 AM
I get a strange error when handling sessions this way. It seems that you have to log in twice to make it work. The first time you log in you get redirected to the login page again. The second time it all works well. Any ideas why?
06-23-2002, 12:04 PM
ok it works :)
when I redirect the user to the memberpages after logging in I used 'require'. Then the user had to log in twice. If I use 'header' to redirect it works ok. Strange......
06-23-2002, 12:13 PM
If you still redirect them, then what's the point?!