Jump to content

How to limite links to non-member in php


Mahdi
 Share

Recommended Posts

In the name of GODHello guys:I want to limite some links to non-members , I use php and mysql .what should i do ?I have searched a lot about it but there is no answer!Please help me guys.Thank you.------------------------------------my result page <?php $host = ""; $user = ""; $pass = ""; $database=""; $con=mysql_connect($host,$user,$pass); if(!$con) { die ( "error" . mysql_error()); } mysql_select_db($database,$con); $name="$_POST[username]"; $result=mysql_query("SELECT * FROM Persons"); while($row = mysql_fetch_array($result)) { if ($row['LastName'] == $_POST['password'] && $row['FirstName'] == $_POST['username']) { header ("Location: Official.php");} } ?>

Edited by Mahdi
Link to comment
Share on other sites

how do you identify your member?

Link to comment
Share on other sites

i mean in your website how do you identify registerted user? when user login generaly it generaly set a session to mark the user as authenticated. after that you need to check that session variable existance using http://php.net/isset isset() function. if it does not exist you can assume it as non member and dont show the links.

Edited by birbal
Link to comment
Share on other sites

thanke you birbal but i have never used $_session() in my web site .do not be a problem?do not put code in my result page?-----------------------------------------------my result page<?php$host = "";$user = "";$pass = "";$database="";$con=mysql_connect($host,$user,$pass);if(!$con){die ( "error" . mysql_error());}mysql_select_db($database,$con);$name="$_POST[username]";$result=mysql_query("SELECT * FROM Persons");while($row = mysql_fetch_array($result)){if ($row['LastName'] == $_POST['password'] && $row['FirstName'] == $_POST['username']){header ("Location: Official.php");}}?>

Edited by Mahdi
Link to comment
Share on other sites

There are examples in the tutorials. But here's a simple example: Login.php

<?phpsession_start() // This goes at the very beginning of every page // Log the user in if(/* Username and password match */) {    $_SESSION['logged_in'] = true;}?>

Any other page:

<?phpsession_start();?><?php    if(isset($_SESSION['logged_in'])) && $_SESSION['logged_in']) {	    echo '<a href="url">Secret link</a>';    }?>

Link to comment
Share on other sites

(to creating a session for limit links)which part of following code is wrongthis page is for comparing users data ------------------------------------------------------------check.php<body > <?php $host = ""; $user = ""; $pass = ""; $database=""; $con=mysql_connect($host,$user,$pass); if(!$con) { die ( "error" . mysql_error()); } mysql_select_db($database,$con); $name="$_POST[username]"; $result=mysql_query("SELECT * FROM Persons"); $row = mysql_fetch_array($result); if ($row['LastName'] == $_POST['password'] && $row['FirstName'] == $_POST['username']) { session_start(); $_SESSION['logged_in']=true; header ( 'Location : dow.php'); } else { echo "false" ; } ?></body> </html>

Link to comment
Share on other sites

You should have the session_start() at the very beginning of your script. The problem here is the location header. You should use session_write_close() before sending location headers. Another thing is that the location header requires an absolute URL. While some browsers accept relative URLs it is incorrect.

session_write_close();header ('Location : http://' . $_SERVER['SERVER_NAME'] . dirname($_SERVER['PHP_SELF']) . '/dow.php');

Be sure to check that $_SESSION['logged_in'] is true on the dow.php file.

Link to comment
Share on other sites

and also you have a problem in logic of user password checking there. It will now get the only first row of the resultset when you fetch that not the ceredintial of pariticular user. you have to add a where caluse after the query to get any paritcular user and check his password against the user inputed password. also you want to take a look into http://php.net/mysql...l_escape_string for safe querying. also you dont need quote around $_POST['var] when you assign it to other variable

Edited by birbal
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...