If User Hasn't Logged In Don't Show Page

tomyknoker · 02-25-2008, 10:33 PM

I am editing a site where the person has set it up so even though pages can't be viewed, there is no session checking... This is what is currently is there...

PHP Code:


			
<?php 

    if($_SESSION['session_started'] != "TRUE")

    session_start();

?>

I changed it to the following but it just keeps re-directing to the welcome.htm page...

PHP Code:


			
<?php 

    if($_SESSION['user_logged'] != "TRUE")

    header('Location: welcome.htm');

?>

Fumigator · 02-25-2008, 10:44 PM

The $_SESSION global array won't exist unless you have session_start() at the top of the script.

tomyknoker · 02-25-2008, 10:45 PM

So like so:

PHP Code:


			
<?php  
    if($_SESSION['user_logged'] != "TRUE")
    session_start(); 
    header('Location: welcome.htm'); 
?>

Andrew Johnson · 02-25-2008, 10:48 PM

No, like this:

PHP Code:


			
<?php  
    session_start(); 
    if($_SESSION['user_logged'] != "TRUE")
    header('Location: welcome.htm'); 
?>

session_start(); should always be the first thing you do, unless of course one of your sessions in an object, then you need to define that object's class first - but I doubt you'll have to worry about that for quite some time

meth · 02-25-2008, 10:54 PM

Try:

PHP Code:


			


<?php 

    if(!isset($_SESSION)) session_start();

    if(!$_SESSION['user_logged']) header('Location: welcome.htm');    

?>

Of course this will only work providing that your logon script declares the var $_SESSION['user_logged'] with a boolean value properly. If the user has logged, $_SESSION['user_logged'] = TRUE; else $_SESSION['user_logged'] = FALSE.

Check your logon script...

Fumigator · 02-25-2008, 11:44 PM

Quote:

Originally Posted by meth

Try:

PHP Code:


			


<?php 

    if(!isset($_SESSION)) session_start();

    if(!$_SESSION['user_logged']) header('Location: welcome.htm');    

?>

Of course this will only work providing that your logon script declares the var $_SESSION['user_logged'] with a boolean value properly. If the user has logged, $_SESSION['user_logged'] = TRUE; else $_SESSION['user_logged'] = FALSE.

Check your logon script...

That first "if" statement will never be "false", so you may as well just code session_start();.

meth · 02-26-2008, 04:35 AM

PHP Code:


			
<?php

$session_msg = (!isset($_SESSION)) ? 'session not set': 'session set';

echo $session_msg;

?>

output = session not set

PHP Code:


			
<?php

session_start();

$session_msg = (!isset($_SESSION)) ? 'session not set': 'session set';

echo $session_msg;

?>

output = session set

session_start() always returns true. The test isset($_SESSION) can go either way.

Fumigator · 02-26-2008, 06:08 AM

I took issue with checking isset($_SESSION) before the session_start() function was called (which seems to be what the OP is getting hung up on), that's all

meth · 02-26-2008, 06:16 AM

and if you "just use session_start()", you'll cause another error if it has already been called in an include; hence it's safer to call session_start() after the test for $_SESSION being set. Best to provide solutions that wont introduce new errors.

Fumigator · 02-26-2008, 06:20 AM

I guess if your includes are unknown black boxes, that's valid. Personally I keep an eye on what I include...

meth · 02-26-2008, 06:30 AM

Personally I don't give a toss about your includes. I'd prefer not to make assumptions about the questioner's entire site based on a 3 line snippet.