Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 6 of 6
  1. #1
    Regular Coder
    Join Date
    Nov 2006
    Posts
    601
    Thanks
    1
    Thanked 2 Times in 2 Posts

    restricting access

    at the moment i use this to restirct only let logged on people to view the page

    <?php if($logged[username])
    {
    //Logged in code
    }else
    {
    //Not logged in code
    } ?>

    but i was wondering if there was a better way of doing this?

  • #2
    Senior Coder TheShaner's Avatar
    Join Date
    Sep 2005
    Location
    Orlando, FL
    Posts
    1,126
    Thanks
    2
    Thanked 40 Times in 40 Posts
    For my sites, I use sessions and at the top of each page, I first do the normal session_start() and then:
    PHP Code:
    if(!isset($_SESSION['user'])) header("Location: http://mysite.com/login.php?err=login"); 
    This just redirects the user to the login page if they're not logged in and the login page catches the error that they're not logged in, thus displaying a message like "You must be logged in". This method prevents having to if/else every page. You could even just put this session info into a separate PHP page and make it required at the top of every page that needs a login.

    -Shane

  • #3
    Regular Coder
    Join Date
    Nov 2006
    Posts
    601
    Thanks
    1
    Thanked 2 Times in 2 Posts
    humm ok so what woul my session_user be??

    at the moment i have set it so when a user logs in there login session are set liek so

    PHP Code:
    //sets the logged session
    $_SESSION['id'] = "$user[id]";
    $_SESSION['password'] = "$user[password]"

  • #4
    Senior Coder TheShaner's Avatar
    Join Date
    Sep 2005
    Location
    Orlando, FL
    Posts
    1,126
    Thanks
    2
    Thanked 40 Times in 40 Posts
    Substitute my $_SESSION['user'] for your $_SESSION['id'].

    On a side note, it's not wise to store a password in a session, or really anywhere but your DB for that matter. It's more secure to always make passwords non-retrievable. If a user needs their password, like an email validation script, you should send them an email with a link to create a new password.

    -Shane

  • #5
    Regular Coder
    Join Date
    Nov 2006
    Posts
    601
    Thanks
    1
    Thanked 2 Times in 2 Posts
    ok i tried it but it redirects me to my error page if im logged in or not :S

    PHP Code:
    <?php if(!isset($_SESSION['id'])) header("Location: http://www.runningprofiles.com/error.php");?><?php  
    session_start
    (); 
        require_once 
    '../config.php';
            

    include (
    "../header.php");  
    ?>
    <style type="text/css">
    <!--
    body {
        margin-left: 1px;
        margin-top: 1px;
        margin-right: 1px;
        margin-bottom: 1px;
    }
    -->
    </style> 

    <table width="100%" cellpadding="0" bgcolor="#FFFFFF" colspan='0'>
    <tr>
            <td  width="11%" height="505" align="left" valign="top"><table width="100%" height="505" align="left" cellpadding="0" bgcolor="#D6E0E0">
        <tr>
            <td width="9%" height="58" colspan="2" align="center" valign="top" bgcolor="#D6E0E0"><p>Menu</p>
              <p><a href="index.php?page=update"><img src="http://www.runningprofiles.com/images/editprofile.jpg"  alt="editprofile" border="0" /></a></p>
              <p><? //if($id == 1){ echo "<a href=\"admin/index.php\">Admin Index</a>\n";}?></p>        </td>
        </tr>
        <tr>
                <td height="361" colspan="2" align="center" valign="top" bgcolor="#D6E0E0"><p><a href="http://www.runningprofiles.com/logout.php">Logout</a> </p>
                <p><a href="http://www.runningprofiles.com/members">Home</p></td>
        </tr>         
    </table></td>
    <td width="80%" align="left" valign="top">
    <? $page $_GET['page'];
                        if (
    ereg('[A-Za-z0-9]',$page) ) {
                            if (
    file_exists('include/'.$page.'.php')) {
                                include(
    'include/'.$page.'.php');
                            } else {
                                include(
    'include/main.php');
                            }
                       } else {
                                include(
    'include/main.php');
                        }
    ?></td>
    <td width="9%" align="center" valign="top" bgcolor="#D6E0E0"> online</td>
      </tr>      
    </table>
    </td>
    </tr>
    </table>
    </td>
    </tr>
    </table>
    <?php

    ob_end_flush
    ();

    ?>

  • #6
    Senior Coder TheShaner's Avatar
    Join Date
    Sep 2005
    Location
    Orlando, FL
    Posts
    1,126
    Thanks
    2
    Thanked 40 Times in 40 Posts
    Quote Originally Posted by runnerjp View Post
    ok i tried it but it redirects me to my error page if im logged in or not :S

    PHP Code:
    <?php if(!isset($_SESSION['id'])) header("Location: http://www.runningprofiles.com/error.php");?><?php  
    session_start
    (); 
    ...
    1. session_start(); should always be the first line of your page.
    2. It's redirecting you to your error page because that's what you set in your header. You put http://www.runningprofiles.com/error.php as the redirect address. Instead, redirect to your login.


    If your page is supposed to display alternate data rather than redirect, you should use what you were doing before:
    PHP Code:
    if(isset($_SESSION['id']))
    {
        
    // Logged in users see this
    }
    else
    {
        
    // Not logged in users see this

    -Shane


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •