PAGE protection

[vytas]

What's a good way to protect a page ???

[aspnetguy]

can you be more specific? What parts of the page do you want to protect? Images? Scripts?

[boen_robot]

I think he means the page itself. The complete content.There are S3L sessions, HTTP authentications... all having it's advantages and drawbacks.

[vytas]

Well if u have like this forum i can't acces other acounts.How is that done ?

[boen_robot]

PHP Sessions

[vytas]

Il have a look on it.But with sessions can i check if a user has been logged in ?

[MrAdam]

yes ..

if ($_SESSION['is_logged_in']) { ... }

of course straight off this won't work, you'll need to add a script/function to actually log the user in (most common way is to collect the user's username and password then check them in a database), set the session then if you want to ever check if they are logged in, simply use the code above.I've probably explained that very badly. You'll need to look into PHP / MySQL and PHP Sessions!- Good luck!

[vytas]

I see but wy use the sessionI still dont get the session thing i did some research but didn't come to a good conclus

[Mr_CHISOL]

First: I gave you a "good example" in the other thread.The sessions use a sort of cookies that expire after a predefined number of minutes (or never, but that's not recommended) which means that the user is logged out if she/his is inactive too long.Another advantage with sessions is that your job becomes more easy, as the sessions is client speciffic, the information is handled by the browser (and the session-functions..). To accomplish this without sessions you have two options: make youre own cookies (basically the same as using sessions, so ehy make own cookies when sessions does this better...) and keeping track of IPs and when the user acted last.The problem with the last one is many: it's not a fun job, it can be complex etc, but there's a big security problem: diffrent users may use the same IP and this means that two different users will be treated as the same user; the second user can then do anything the first user can do, eaven if he shouldn't be alowed to.Here is also some tutorials:http://www.tizag.com/phpT/phpsessions.phphttp://www.phpfreaks.com/tutorials/20/0.phphttp://www.phptutorial.info/learn/session.php

[vytas]

Srry didn't read the last post u posted I am very srry :)

[MrAdam]

think of sessions as a way of storing more, secure data. You could save the user's username in a session, then access it from a script, and then you have user-custom pages... and they are secure enough not to worry about malicous users trying to retrieve that username, or set their username as someone else.So for example: They type their username and password into a form, you query the database to make sure they have supplied correct details. If so, you set a session with the user's username, or unique id. Then somewhere else in the website (as sessions can be sort of, globally accessed) you retrieve that id/username and use it to generate some dynamic, user-customised output; such as items in a shopping cart, or, their user level to check if they are admin or not!

[Anders Moen]

The master, here's my login script. You insert it to our site, okay? I don't have time as you know...

login.php:<?php//// Copyright Anders Moen// www.andersmoen.hotserv.dk//// connect to database!$db=mysql_connect("localhost", "username", "password"); // remember to change to our host vytas;)mysql_select_db("database_name", $db);	 $user = htmlentities($_POST['user']);	 $pass = htmlentities($_POST['pass']);	 	 $user = mysql_real_escape_string($user);	 $pass = mysql_real_escape_string($pass);	 $query = mysql_query("SELECT user, pass FROM table_name WHERE user = '$user' AND pass = '$pass'");	 	 if(mysql_num_rows($query) == 1 OR $_SESSION['online'] == true ) {	 	 $_SESSION['online'] = true;	 echo "			   Welcome $user!				<br />				<br />				 <a href='logout.php'>Log out</a>				   ";	 }elseif(isset($_POST['user']) && mysql_num_rows($query)== 0) echo "<form action='' method='post'><p>Username</p><input type='text' name='user' /><p>Password:</p><input type='password' name='pass' /><input type='submit' value='Login' /></form>";	 else {	echo "<form action='' method='post'><p>Username</p><input type='text' name='user' /><p>Password:</p><input type='password' name='pass' /><input type='submit' value='Login' /></form>	 ";	 }mysql_close($db);?>some_site_thats_protected.php<?php//// Copyright Anders Moen// www.andersmoen.hotserv.dk//$db=mysql_connect("localhost", "username", "password");mysql_select_db("database_name", $db);	 $user = htmlentities($_POST['user']);	 $pass = htmlentities($_POST['pass']);	 	 $user = mysql_real_escape_string($user);	 $pass = mysql_real_escape_string($pass);	 $query = mysql_query("SELECT user, pass FROM table_name WHERE user = '$user' AND pass = '$pass'");	 	 if(mysql_num_rows($query) == 1 OR $_SESSION['online'] == true ) {	 	 $_SESSION['online'] = true;	 echo "If you see this text, it means <strong>you</strong> are logged in!<br /><br /><a href='logout.php'>Log out</a>				   ";	 }elseif(isset($_POST['user']) && mysql_num_rows($query)== 0) echo "<span style='color: red;'>You are not logged in!</span><br /><form action='' method='post'><p>Username</p><input type='text' name='user' /><p>Password:</p><input type='password' name='pass' /><input type='submit' value='Login' /></form>";	 else {	echo "<span style='color: red;'>You are not logged in!</span><br /><form action='' method='post'><p>Brukernavn</p><input type='text' name='navn' /><p>Passord:</p><input type='password' name='pass' /><input type='submit' value='Logg inn' /></form>	 ";	 }mysql_close($db);?>