Check if user is logged in?

Moman

Hello guys,

I am new to PHP and I thought I want to ask, Say I created a login page and if the user/pass match the datbase one it will proceed to admin.php else it will give you a red error "wrong user / pass " but if I try to access admin.php without login script it also works. What's the way to restrict non-logged in users to see this page?

Regards,
Moman

Markus

Quote:

Originally Posted by Moman

Hello guys,

I am new to PHP and I thought I want to ask, Say I created a login page and if the user/pass match the datbase one it will proceed to admin.php else it will give you a red error "wrong user / pass " but if I try to access admin.php without login script it also works. What's the way to restrict non-logged in users to see this page?

Regards,
Moman

When someone logs in you should set a session
[php]
$_SESSION['logged_in'] = true;
[/php]
then on the admin page you check to see if this is set
[php]
if(isset($_SESSION['logged_in']))
{
# logged in
}
else
{
# not logged in
}
[/php]

Moman

Quote:

Originally Posted by markusn00b

When someone logs in you should set a session
[php]
$_SESSION['logged_in'] = true;
[/php]
then on the admin page you check to see if this is set
[php]
if(isset($_SESSION['logged_in']))
{
# logged in
}
else
{
# not logged in
}
[/php]

Hi Markus,

I tried it and it's still not working - here is my login.php

[php]<?php
$host="localhost";
$username="root";
$password="root";
$db_name="data";
$tbl_name="login";

mysql_connect("$host", "$username", "$password")or die("Unable to connect");
mysql_select_db("$db_name")or die("Unable to select database");

$username=$_POST['username'];
$password=$_POST['password'];

$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){
session_register("username");
session_register("password");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password, Please be careful when typing them.";
}

ob_end_flush();
?>[/php]

Markus

I changed it a little bit.
log in:
[php]<?php
session_start(); # start up the session

$host="localhost";
$username="root";
$password="root";
$db_name="data";
$tbl_name="login";

mysql_connect("$host", "$username", "$password")or die("Unable to connect");
mysql_select_db("$db_name")or die("Unable to select database");

$username=$_POST['username'];
$password=$_POST['password'];

$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1)
{
$_SESSION['logged_in'] = true;
header("location:login_success.php");
}
else
{
echo "Wrong Username or Password, Please be careful when typing them.";
}

?>[/php]

What code do you have for admin.php?

Moman

Quote:

Originally Posted by markusn00b

I changed it a little bit.
log in:
[php]<?php
session_start(); # start up the session

$host="localhost";
$username="root";
$password="root";
$db_name="data";
$tbl_name="login";

mysql_connect("$host", "$username", "$password")or die("Unable to connect");
mysql_select_db("$db_name")or die("Unable to select database");

$username=$_POST['username'];
$password=$_POST['password'];

$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1)
{
$_SESSION['logged_in'] = true;
header("location:login_success.php");
}
else
{
echo "Wrong Username or Password, Please be careful when typing them.";
}

?>[/php]

What code do you have for admin.php?

[PHP]<?php
if(isset($_SESSION['logged_in']))
{
#logged in
}
else
{
# not logged in
}
?>
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
<title>Admin Menu</title>
</head>

 
 
 
 
 
 
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td align="center" bgcolor="#CCCCCC">Administrator 
Menu</td>
</tr>
<tr>
<td width="294" align="center" height="28">Add
News</td>
</tr>
<tr>
<td align="center" height="29">Edit News</td>
</tr>
<tr>
<td align="center"> Logout</td>
</tr>
</table>
</td>
</form>
</tr>
</table>
© 2008 Moman - All rights
reserved

</html>

</html>
[/PHP]

Markus

Try this:
[PHP]<?php
if(isset($_SESSION['logged_in']))
{
?>
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
<title>Admin Menu</title>
</head>

 
 
 
 
 
 
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td align="center" bgcolor="#CCCCCC">Administrator 
Menu</td>
</tr>
<tr>
<td width="294" align="center" height="28">Add
News</td>
</tr>
<tr>
<td align="center" height="29">Edit News</td>
</tr>
<tr>
<td align="center"> Logout</td>
</tr>
</table>
</td>
</form>
</tr>
</table>
© 2008 Moman - All rights
reserved

</html>
<?php
}
else
{
echo "not logged in";
}
?>
[/PHP]

Check if user is logged in?

re: Check if user is logged in?

re: Check if user is logged in?

re: Check if user is logged in?

re: Check if user is logged in?

re: Check if user is logged in?

Similar PHP bytes

/bytes/development

/bytes/it

/bytes/about