Ragnos Posted April 28, 2007 Share Posted April 28, 2007 I want to make a members area on my site wich consists of multiple pages wich should only be accesible by members who logged in.I know how to make a login script and redirect to the 'main' members page if the password and username are correct, but what if someone types the url of the members page in their browser? How do I check if they logged in? I have seen some sites where you get a pop-up box wich looks like a javascript pop-up box with a field for a username and a password when you try to enter the site without having logged in, but I have also read something about checking a session and redirecting to the login page. What is the best way to do this and how do you do it using the best way? Link to comment Share on other sites More sharing options...
msd Posted April 28, 2007 Share Posted April 28, 2007 You need to store some information in session, and on each password protected page check if the session exists. If it does, let the user see the page. Link to comment Share on other sites More sharing options...
Ragnos Posted April 28, 2007 Author Share Posted April 28, 2007 Can you give an example of how to do this? Link to comment Share on other sites More sharing options...
Anders Moen Posted April 28, 2007 Share Posted April 28, 2007 First you have to set the sessions; <?phpif ($_POST['login'] AND $_POST['username'] == 'admin' AND $_POST['password'] == 'adminpassword') {$_SESSION['name_on_session'] = TRUE;$_SESSION['username'] = $_POST['username'];}if ($_SESSION['name_on_session']) {echo 'Welcome back, ' . $_SESSION['username'];}else {?><form action="" method="post"><p>Username:<br /><input type="text" name="username" /></p><p>Password:<br /><input type="password" name="password" /></p><p><input type="submit" name="login" value="Login" /></p></form><?php}?> The username is admin and the password is adminpassword here. I couldn't be bothered to write a login script that uses MySQL-database. Here's one in just PHP.Hope you get it :)Edit:I think something's wrong in the if post code (on the top) is wrong, because I'm not used to doing more than only one post lol Link to comment Share on other sites More sharing options...
msd Posted April 28, 2007 Share Posted April 28, 2007 The following is only a small idea.When user logs in, create a session called "loged" and set its value to "1". <?session_start();$_SESSION["loged"] = "1";?> Create a php file called "verify.php". <?phpsession_start();if(empty($_SESSION['loged'])){ header("Location: login.php"); exit();}?> The "logout.php" file: <?phpsession_start();$_SESSION['loged'] = NULL;$_SESSION = array();session_destroy();header("Location: index.php");exit();?> Link to comment Share on other sites More sharing options...
Ragnos Posted April 28, 2007 Author Share Posted April 28, 2007 The following is only a small idea.When user logs in, create a session called "loged" and set its value to "1".<?session_start();$_SESSION["loged"]= "1";?> Create a php file called "verify.php". <?phpsession_start();if(empty($_SESSION['loged'])){ header("Location: login.php"); exit();}?> The "logout.php" file: <?phpsession_start();$_SESSION['loged'] = NULL;$_SESSION = array();session_destroy();header("Location: index.php");exit();?> So if I do it like that I can be sure that noone can enter the protected pages without having logged in first? Link to comment Share on other sites More sharing options...
msd Posted April 28, 2007 Share Posted April 28, 2007 In a normal way, like typing the address of that page in the address bar, you can be sure no one will have access to those pages.But I strongly recommend you to read more about security in PHP. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.