Mahdi Posted May 4, 2012 Share Posted May 4, 2012 (edited) In the name of GODHello guys:I want to limite some links to non-members , I use php and mysql .what should i do ?I have searched a lot about it but there is no answer!Please help me guys.Thank you.------------------------------------my result page <?php $host = ""; $user = ""; $pass = ""; $database=""; $con=mysql_connect($host,$user,$pass); if(!$con) { die ( "error" . mysql_error()); } mysql_select_db($database,$con); $name="$_POST[username]"; $result=mysql_query("SELECT * FROM Persons"); while($row = mysql_fetch_array($result)) { if ($row['LastName'] == $_POST['password'] && $row['FirstName'] == $_POST['username']) { header ("Location: Official.php");} } ?> Edited May 4, 2012 by Mahdi Link to comment Share on other sites More sharing options...
Mahdi Posted May 4, 2012 Author Share Posted May 4, 2012 In the name of GODHello guys:I want to limite some links to non-members , I use php and mysql .what should i do ?I have searched a lot about it but there is no answer!Please help me guys.Thank you. Link to comment Share on other sites More sharing options...
birbal Posted May 4, 2012 Share Posted May 4, 2012 how do you identify your member? Link to comment Share on other sites More sharing options...
Mahdi Posted May 4, 2012 Author Share Posted May 4, 2012 Hi birbal Thank you for your suguestion but I have adjusted all the setting besed on mysql please say me if you have solutionI like Hindi Link to comment Share on other sites More sharing options...
birbal Posted May 4, 2012 Share Posted May 4, 2012 (edited) i mean in your website how do you identify registerted user? when user login generaly it generaly set a session to mark the user as authenticated. after that you need to check that session variable existance using http://php.net/isset isset() function. if it does not exist you can assume it as non member and dont show the links. Edited May 4, 2012 by birbal Link to comment Share on other sites More sharing options...
Mahdi Posted May 4, 2012 Author Share Posted May 4, 2012 (edited) thanke you birbal but i have never used $_session() in my web site .do not be a problem?do not put code in my result page?-----------------------------------------------my result page<?php$host = "";$user = "";$pass = "";$database="";$con=mysql_connect($host,$user,$pass);if(!$con){die ( "error" . mysql_error());}mysql_select_db($database,$con);$name="$_POST[username]";$result=mysql_query("SELECT * FROM Persons");while($row = mysql_fetch_array($result)){if ($row['LastName'] == $_POST['password'] && $row['FirstName'] == $_POST['username']){header ("Location: Official.php");}}?> Edited May 4, 2012 by Mahdi Link to comment Share on other sites More sharing options...
birbal Posted May 4, 2012 Share Posted May 4, 2012 you cant accomplish that without using session. you should take a look into http://w3schools.com/php/php_session.asp first Link to comment Share on other sites More sharing options...
Mahdi Posted May 4, 2012 Author Share Posted May 4, 2012 $_SESSION should be used for first of all pages or just for result page ? Link to comment Share on other sites More sharing options...
Ingolme Posted May 4, 2012 Share Posted May 4, 2012 The session is opened on all pages, and you check the $_SESSION variable for values that you want. Link to comment Share on other sites More sharing options...
Mahdi Posted May 4, 2012 Author Share Posted May 4, 2012 thanke you Moderator , show me any example?please make an example Link to comment Share on other sites More sharing options...
Ingolme Posted May 4, 2012 Share Posted May 4, 2012 There are examples in the tutorials. But here's a simple example: Login.php <?phpsession_start() // This goes at the very beginning of every page // Log the user in if(/* Username and password match */) { $_SESSION['logged_in'] = true;}?> Any other page: <?phpsession_start();?><?php if(isset($_SESSION['logged_in'])) && $_SESSION['logged_in']) { echo '<a href="url">Secret link</a>'; }?> Link to comment Share on other sites More sharing options...
Mahdi Posted May 5, 2012 Author Share Posted May 5, 2012 (to creating a session for limit links)which part of following code is wrongthis page is for comparing users data ------------------------------------------------------------check.php<body > <?php $host = ""; $user = ""; $pass = ""; $database=""; $con=mysql_connect($host,$user,$pass); if(!$con) { die ( "error" . mysql_error()); } mysql_select_db($database,$con); $name="$_POST[username]"; $result=mysql_query("SELECT * FROM Persons"); $row = mysql_fetch_array($result); if ($row['LastName'] == $_POST['password'] && $row['FirstName'] == $_POST['username']) { session_start(); $_SESSION['logged_in']=true; header ( 'Location : dow.php'); } else { echo "false" ; } ?></body> </html> Link to comment Share on other sites More sharing options...
Ingolme Posted May 5, 2012 Share Posted May 5, 2012 You should have the session_start() at the very beginning of your script. The problem here is the location header. You should use session_write_close() before sending location headers. Another thing is that the location header requires an absolute URL. While some browsers accept relative URLs it is incorrect. session_write_close();header ('Location : http://' . $_SERVER['SERVER_NAME'] . dirname($_SERVER['PHP_SELF']) . '/dow.php'); Be sure to check that $_SESSION['logged_in'] is true on the dow.php file. Link to comment Share on other sites More sharing options...
birbal Posted May 5, 2012 Share Posted May 5, 2012 (edited) and also you have a problem in logic of user password checking there. It will now get the only first row of the resultset when you fetch that not the ceredintial of pariticular user. you have to add a where caluse after the query to get any paritcular user and check his password against the user inputed password. also you want to take a look into http://php.net/mysql...l_escape_string for safe querying. also you dont need quote around $_POST['var] when you assign it to other variable Edited May 5, 2012 by birbal Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now