...

View Full Version : Sessions



haveacigar
11-03-2006, 11:21 PM
Hey, i saw there was another thread about sessions, but i thought it would be best not to hijack his thread.

Anyway, I have a password for my site, which passes the user onto another page to edit the content, but i need some help with sessions so that i can stop people from directly accessing the edit page.

But all the examples i have seen dont go this far with the sessions, and i dont know where to go from here.

Cheers for any help

littlejones
11-04-2006, 11:56 AM
What you seem to be asking for sounds quite simple, but you say you can't find it in any examples so maybe I am wrong about what exactly it is you want.

I'll just assume you have two pages, a login page and an edit page, and you don't want anyone to be able to access the edit page unless they have logged in with the correct details?

So to begin with I would put this at the very top of the edit page...



<?php

IF(!isset($_SESSION['loggedin']))
{
header("location:loginPage.php");
}

?>



So in other words if the session variable 'loggedin' has not been given a value (which it won't have if they haven't logged in) then the page will redirect them back to the login page instead of showing them the rest of the edit page.

Now all you have to do is give $_SESSION['loggedin'] a value if the user logs in with the right username and password.

Assuming you know how to check the database for the correct username and password you would just have to say something along the lines of...




$username = $_POST['username'];
$password = $_POST['password'];

$query = "SELECT * FROM database WHERE username = '$username' AND password = '$password'";

$result = mysql_query($query);

$rowCount = mysql_num_rows($result);

IF($rowCount > 0)
{
$_SESSION['loggedin'] = 1;
header("location:editPage.php");
}
ELSE
{
//wrong username and password
}



That should work, assuming your form action is set to <?php echo $PHP_SELF; ?> and the username and password input fields are set to name="username" and name="password".

haveacigar
11-04-2006, 10:42 PM
What you seem to be asking for sounds quite simple, but you say you can't find it in any examples so maybe I am wrong about what exactly it is you want.

I'll just assume you have two pages, a login page and an edit page, and you don't want anyone to be able to access the edit page unless they have logged in with the correct details?

So to begin with I would put this at the very top of the edit page...



<?php

IF(!isset($_SESSION['loggedin']))
{
header("location:loginPage.php");
}

?>



So in other words if the session variable 'loggedin' has not been given a value (which it won't have if they haven't logged in) then the page will redirect them back to the login page instead of showing them the rest of the edit page.

Now all you have to do is give $_SESSION['loggedin'] a value if the user logs in with the right username and password.

Assuming you know how to check the database for the correct username and password you would just have to say something along the lines of...




$username = $_POST['username'];
$password = $_POST['password'];

$query = "SELECT * FROM database WHERE username = '$username' AND password = '$password'";

$result = mysql_query($query);

$rowCount = mysql_num_rows($result);

IF($rowCount > 0)
{
$_SESSION['loggedin'] = 1;
header("location:editPage.php");
}
ELSE
{
//wrong username and password
}



That should work, assuming your form action is set to <?php echo $PHP_SELF; ?> and the username and password input fields are set to name="username" and name="password".
awesome.... that has made it much easier to understand.

cheers for your help

littlejones
11-05-2006, 11:42 PM
No problem, glad I could help! :thumbsup:



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum