How to limite links to non-member in php

[Mahdi]

In the name of GODHello guys:I want to limite some links to non-members , I use php and mysql .what should i do ?I have searched a lot about it but there is no answer!Please help me guys.Thank you.------------------------------------my result page <?php $host = ""; $user = ""; $pass = ""; $database=""; $con=mysql_connect($host,$user,$pass); if(!$con) { die ( "error" . mysql_error()); } mysql_select_db($database,$con); $name="$_POST[username]"; $result=mysql_query("SELECT * FROM Persons"); while($row = mysql_fetch_array($result)) { if ($row['LastName'] == $_POST['password'] && $row['FirstName'] == $_POST['username']) { header ("Location: Official.php");} } ?>

Edited May 4, 2012 by Mahdi

[Mahdi]

In the name of GODHello guys:I want to limite some links to non-members , I use php and mysql .what should i do ?I have searched a lot about it but there is no answer!Please help me guys.Thank you.

[birbal]

how do you identify your member?

[Mahdi]

Hi birbal Thank you for your suguestion but I have adjusted all the setting besed on mysql please say me if you have solutionI like Hindi

[birbal]

i mean in your website how do you identify registerted user? when user login generaly it generaly set a session to mark the user as authenticated. after that you need to check that session variable existance using http://php.net/isset isset() function. if it does not exist you can assume it as non member and dont show the links.

Edited May 4, 2012 by birbal

[Mahdi]

thanke you birbal but i have never used $_session() in my web site .do not be a problem?do not put code in my result page?-----------------------------------------------my result page<?php$host = "";$user = "";$pass = "";$database="";$con=mysql_connect($host,$user,$pass);if(!$con){die ( "error" . mysql_error());}mysql_select_db($database,$con);$name="$_POST[username]";$result=mysql_query("SELECT * FROM Persons");while($row = mysql_fetch_array($result)){if ($row['LastName'] == $_POST['password'] && $row['FirstName'] == $_POST['username']){header ("Location: Official.php");}}?>

Edited May 4, 2012 by Mahdi

[birbal]

you cant accomplish that without using session. you should take a look into http://w3schools.com/php/php_session.asp first

[Mahdi]

$_SESSION should be used for first of all pages or just for result page ?

[Ingolme]

The session is opened on all pages, and you check the $_SESSION variable for values that you want.

[Mahdi]

thanke you Moderator , show me any example?please make an example

[Ingolme]

There are examples in the tutorials. But here's a simple example: Login.php

<?phpsession_start() // This goes at the very beginning of every page // Log the user in if(/* Username and password match */) {    $_SESSION['logged_in'] = true;}?>

Any other page:

<?phpsession_start();?><?php    if(isset($_SESSION['logged_in'])) && $_SESSION['logged_in']) {	    echo '<a href="url">Secret link</a>';    }?>

[Mahdi]

(to creating a session for limit links)which part of following code is wrongthis page is for comparing users data ------------------------------------------------------------check.php<body > <?php $host = ""; $user = ""; $pass = ""; $database=""; $con=mysql_connect($host,$user,$pass); if(!$con) { die ( "error" . mysql_error()); } mysql_select_db($database,$con); $name="$_POST[username]"; $result=mysql_query("SELECT * FROM Persons"); $row = mysql_fetch_array($result); if ($row['LastName'] == $_POST['password'] && $row['FirstName'] == $_POST['username']) { session_start(); $_SESSION['logged_in']=true; header ( 'Location : dow.php'); } else { echo "false" ; } ?></body> </html>

[Ingolme]

You should have the session_start() at the very beginning of your script. The problem here is the location header. You should use session_write_close() before sending location headers. Another thing is that the location header requires an absolute URL. While some browsers accept relative URLs it is incorrect.

session_write_close();header ('Location : http://' . $_SERVER['SERVER_NAME'] . dirname($_SERVER['PHP_SELF']) . '/dow.php');

Be sure to check that $_SESSION['logged_in'] is true on the dow.php file.

[birbal]

and also you have a problem in logic of user password checking there. It will now get the only first row of the resultset when you fetch that not the ceredintial of pariticular user. you have to add a where caluse after the query to get any paritcular user and check his password against the user inputed password. also you want to take a look into http://php.net/mysql...l_escape_string for safe querying. also you dont need quote around $_POST['var] when you assign it to other variable

Edited May 5, 2012 by birbal