Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4

Thread: Sessions

  1. #1
    New Coder
    Join Date
    Aug 2006
    Posts
    97
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Sessions

    Hey, i saw there was another thread about sessions, but i thought it would be best not to hijack his thread.

    Anyway, I have a password for my site, which passes the user onto another page to edit the content, but i need some help with sessions so that i can stop people from directly accessing the edit page.

    But all the examples i have seen dont go this far with the sessions, and i dont know where to go from here.

    Cheers for any help

  • #2
    New Coder
    Join Date
    Oct 2006
    Posts
    82
    Thanks
    3
    Thanked 0 Times in 0 Posts
    What you seem to be asking for sounds quite simple, but you say you can't find it in any examples so maybe I am wrong about what exactly it is you want.

    I'll just assume you have two pages, a login page and an edit page, and you don't want anyone to be able to access the edit page unless they have logged in with the correct details?

    So to begin with I would put this at the very top of the edit page...

    PHP Code:
    <?php

           
    IF(!isset($_SESSION['loggedin']))
              {
                  
    header("location:loginPage.php");
              }

    ?>
    So in other words if the session variable 'loggedin' has not been given a value (which it won't have if they haven't logged in) then the page will redirect them back to the login page instead of showing them the rest of the edit page.

    Now all you have to do is give $_SESSION['loggedin'] a value if the user logs in with the right username and password.

    Assuming you know how to check the database for the correct username and password you would just have to say something along the lines of...

    PHP Code:

    $username 
    $_POST['username'];
    $password $_POST['password'];

    $query "SELECT * FROM database WHERE username = '$username' AND password = '$password'";

    $result mysql_query($query);

    $rowCount mysql_num_rows($result);

          IF(
    $rowCount 0)
             {
                
    $_SESSION['loggedin'] = 1;
                
    header("location:editPage.php");
             }
         ELSE
             {
                
    //wrong username and password
             

    That should work, assuming your form action is set to <?php echo $PHP_SELF; ?> and the username and password input fields are set to name="username" and name="password".

  • #3
    New Coder
    Join Date
    Aug 2006
    Posts
    97
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by littlejones View Post
    What you seem to be asking for sounds quite simple, but you say you can't find it in any examples so maybe I am wrong about what exactly it is you want.

    I'll just assume you have two pages, a login page and an edit page, and you don't want anyone to be able to access the edit page unless they have logged in with the correct details?

    So to begin with I would put this at the very top of the edit page...

    PHP Code:
    <?php

           
    IF(!isset($_SESSION['loggedin']))
              {
                  
    header("location:loginPage.php");
              }

    ?>
    So in other words if the session variable 'loggedin' has not been given a value (which it won't have if they haven't logged in) then the page will redirect them back to the login page instead of showing them the rest of the edit page.

    Now all you have to do is give $_SESSION['loggedin'] a value if the user logs in with the right username and password.

    Assuming you know how to check the database for the correct username and password you would just have to say something along the lines of...

    PHP Code:

    $username 
    $_POST['username'];
    $password $_POST['password'];

    $query "SELECT * FROM database WHERE username = '$username' AND password = '$password'";

    $result mysql_query($query);

    $rowCount mysql_num_rows($result);

          IF(
    $rowCount 0)
             {
                
    $_SESSION['loggedin'] = 1;
                
    header("location:editPage.php");
             }
         ELSE
             {
                
    //wrong username and password
             

    That should work, assuming your form action is set to <?php echo $PHP_SELF; ?> and the username and password input fields are set to name="username" and name="password".
    awesome.... that has made it much easier to understand.

    cheers for your help

  • #4
    New Coder
    Join Date
    Oct 2006
    Posts
    82
    Thanks
    3
    Thanked 0 Times in 0 Posts
    No problem, glad I could help!


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •