
How to secure pages to require login to access them

P: 19
Hi again, I am done with the login form and everything works fine, so I just want to know how to make the welcomein.php private. I am working on a community, so you would know what I mean. Could someone give me a simple script that I can develop into something better?
So please give me the script for that and the script for how to make a password encrypted in the database.

Thanks.
Aug 17 '07 #1
13 Replies


pbmods
Expert 5K+
P: 5,821
Changed thread title to better describe the problem (did you know that threads whose titles do not follow the Posting Guidelines actually get FEWER responses?).

Heya, silmana.

How you implement this is largely up to you. The generally-accepted way to do this is to put some kind of logged-in indicator in the _SESSION, which you would then check for when loading a restricted page.

For example, you might set $_SESSION['logged_in'] = true when the User logs in.

Then, when loading a restricted page, you can add this code at the top:
    session_start();
    if(empty($_SESSION['logged_in']))
    {
        header('Location: http://' . $_SERVER['HTTP_HOST'] . '/login.php');
        exit;
    }
Aug 18 '07 #2

kamill
P: 71
Hi

For security purposes you can use the md5 function.

md5 is a one-way encryption algorithm. Before storing data in the database, encrypt it using md5, and at the time of login validate it.
Aug 18 '07 #3
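
Added example, not part of the thread: password storage with PHP's built-in password_hash() and password_verify(), which produce salted, deliberately slow hashes, plus an upgrade path for rows already stored as md5() in the way the reply above describes. The `$pdo` connection, the `users` table and the function names are assumptions for this sketch.

```php
<?php
// Added example. $pdo (an open PDO connection) and a `users` table with the columns
// `id`, `username` and `password_hash` are assumptions made for this sketch.

// Registration: password_hash() generates the salt and applies a slow hash.
function store_password(PDO $pdo, $username, $password)
{
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute(array($username, password_hash($password, PASSWORD_DEFAULT)));
}

// Returns array($valid, $needsRehash). Values stored earlier as plain md5()
// (32 hex characters) are still accepted, and flagged for upgrade when they match.
function check_password($password, $stored)
{
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {
        $valid = hash_equals($stored, md5($password));
        return array($valid, $valid);
    }
    $valid = password_verify($password, $stored);
    return array($valid, $valid && password_needs_rehash($stored, PASSWORD_DEFAULT));
}

// Login: verify, upgrade the stored hash when needed, return the user ID or null.
function login(PDO $pdo, $username, $password)
{
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute(array($username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row) { return null; }
    list($valid, $needsRehash) = check_password($password, $row['password_hash']);
    if (!$valid) {
        return null;
    }
    if ($needsRehash) {
        $new = password_hash($password, PASSWORD_DEFAULT);
        $pdo->prepare('UPDATE users SET password_hash = ? WHERE id = ?')
            ->execute(array($new, $row['id']));
    }
    return $row['id'];
}

// Constructed sample values; this part runs without a database:
$legacy = md5('correct horse');
$modern = password_hash('correct horse', PASSWORD_DEFAULT);
var_dump(check_password('correct horse', $legacy));
var_dump(check_password('correct horse', $modern));
var_dump(check_password('wrong guess', $modern));
```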

P: 19
I don't know where you mean I should put this code. Do you mean in the welcome page? Because I tried and it doesn't work. Can't you do a "demo" page for me with the correct full scripts for the private login page?
Thanks.
Aug 18 '07 #4

pbmods
Expert 5K+
P: 5,821
Heya, silmana.

You put that code at the very top of any page that you want to secure. For example:
    <?php
        session_start();
        if(empty($_SESSION['logged_in']))
        {
            header('Location: http://' . $_SERVER['HTTP_HOST'] . '/login.php');
            exit;
        }

        echo 'You will only see this if you are logged in.';
    ?>
Aug 18 '07 #5

P: 19
Sorry, it doesn't work.

Here is the site that I want to secure.
The code for the site:
    <?php
    session_start(); // Always at the top of the page

    // Check whether logged in = session set
    if (!isset($_SESSION['sess_user'])){
      header("Location: index.php");
      exit;
    }

    ?>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html>
    <head>
    <meta http-equiv="Content-Type" 
      content="text/html; charset=iso-8859-1">
    <title>V&auml;lkommen</title>
    <style type="text/css">
    <!--
    #Layer1 {
        position:absolute;
        left:160px;
        top:12px;
        width:571px;
        height:26px;
        z-index:1;
        background-color: #99CC00;
    }
    -->
    </style>
    </head>
    <body>

    <div id="Layer1">
      <table width="572" border="1" bordercolor="#000000" bgcolor="#99CC33">
        <tr>
          <td width="61"><strong>Hem</strong></td>
          <td width="162"><strong>Forum </strong></td>
          <td width="142"><strong>G&auml;stbok</strong></td>
          <td width="63"><a href="welcome.php?logout="><strong>Bråk</strong></a></td>
          <td width="110"><a href="index.php?logout="><strong>Logga ut</strong></a></td>
        </tr>
      </table>
    </div>
    <?php // Escape the user name before printing it into the page ?>
    <strong>V&auml;lkommen <?php echo htmlspecialchars($_SESSION['sess_user'], ENT_QUOTES, 'ISO-8859-1'); ?></strong><br>
    <br>
    </body>
    </html>
Please show me how to do it, reply back with code.
Thanks
Aug 18 '07 #6

pbmods
Expert 5K+
P: 5,821
Heya, silmana.

Please use CODE tags when posting source code. See the REPLY GUIDELINES on the right side of the page next time you post.

Instead of checking for isset() use empty() instead. isset() will return true when $_SESSION['sess_user'] is false, which is probably not desirable.

Which problem are you having?

Are you unable to view the page when you are logged in?
Or are you able to view the page even if you are not logged in?
Aug 18 '07 #7

P: 19
Okay, did that, now it's working. But how do I know that when the user logs in he has a private page? Is there anything that I can add? Because I want all the users to see the same design but not the same information. Could someone help me with that? Could I get some script for that?
Aug 19 '07 #8

pbmods
Expert 5K+
P: 5,821
Heya, silmana.

So what you're trying to do is to show one set of content if the User is logged in, but a different set of content if he is not?
Aug 19 '07 #9

P: 19
Yeah, you know, like the regular communities: you log in and have your profile (private site, info), but the design is the same for all the users. Can you help me with that? Send me the code, please.
Aug 19 '07 #10

pbmods
Expert 5K+
P: 5,821
Heya, Silmana.

Ok. Instead of redirecting to the login page if the User is not logged in, you simply do not show certain content.

For example:

    if( empty($_SESSION['logged_in']) )
    {
        // echo stuff that a not-logged-in User sees.
    }
    else
    {
        // echo stuff that a logged-in User sees.
    }
Aug 23 '07 #11

P: 65
Hi pbmods;

Thanks for your previous info. It is useful for me too.
But my case is like this: one administrator controls all the users in the application. Users have many levels, and different levels perform different tasks.

If I am a user like data entry, I can go to all the pages related to my data entry limitation, so I can't go to other pages like the finance page. How do I block it?

Thanks
Aug 23 '07 #12

pbmods
Expert 5K+
P: 5,821
Heya, Wish.

The simplest way to do this would be to set up access groups, and then only allow members of a particular group to access each page.

For example, you might create a 'Data Entry' group, and then you could put code similar to this at the top of every data entry page:
    // Only allow Data Entry and Management to access this page.
    // Redirect only when the User is in neither group.
    if( empty($_SESSION['groups']['Data Entry']) && empty($_SESSION['groups']['Management']) )
    {
        header('Location: login.php');
        exit; // stop here so the rest of the page is never sent
    }
When the User logs in, you would look up any and all groups that the User is a member of and then set them as keys to $_SESSION['groups']:
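    // $pdo is assumed to be an open PDO connection (the mysql_* functions were removed in PHP 7).
    // The user ID is bound as a parameter instead of being interpolated into the SQL string.
    $_stmt = $pdo->prepare("SELECT * FROM( `Map_User_Group` LEFT JOIN `Data_Groups` USING( `ID_Group` ) ) WHERE `ID_User` = ?");
    $_stmt->execute(array($userid));

    // Store each group name as a key so pages can test it with empty().
    $_SESSION['groups'] = array();
    while( $_row = $_stmt->fetch(PDO::FETCH_ASSOC) )
    {
        $_SESSION['groups'][$_row['Name_Group']] = $_row['ID_Group'];
    }
    $_stmt->closeCursor();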
Aug 23 '07 #13
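
Added example, not part of the thread: the login check from the earlier replies and the group check from the reply above, combined into one guard that restricted pages call before sending any output. The session keys `logged_in` and `groups` come from the replies; the function names, the `/login.php` path and the sample sessions are assumptions for this sketch.

```php
<?php
// Added example: a hypothetical auth.php to include at the top of restricted pages.
// Function names and the /login.php path are assumptions made for this sketch.
// Pure decision: 'ok', 'login' (not authenticated) or 'forbidden' (no allowed group).
function access_decision(array $session, array $allowedGroups = array())
{
    if (empty($session['logged_in'])) {
        return 'login';
    }
    if (!$allowedGroups) { return 'ok'; } // page only requires a login
    $userGroups = isset($session['groups']) ? $session['groups'] : array();
    foreach ($allowedGroups as $group) {
        if (!empty($userGroups[$group])) {
            return 'ok'; // membership in any one listed group is enough
        }
    }
    return 'forbidden';
}

// Call before any output; exits on denial so no protected markup is sent.
function require_access(array $allowedGroups = array())
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $decision = access_decision($_SESSION, $allowedGroups);
    if ($decision === 'login') {
        header('Location: /login.php');
        exit;
    }
    if ($decision === 'forbidden') {
        http_response_code(403); // logged in, but not allowed on this page
        exit('Access denied.');
    }
}

// Call once after the password check succeeds.
function mark_logged_in(array $groups)
{
    session_regenerate_id(true); // fresh session ID at login (session fixation defence)
    $_SESSION['logged_in'] = true;
    $_SESSION['groups'] = $groups;
}

// Constructed sample sessions, evaluated without sending any headers:
$clerk = array('logged_in' => true, 'groups' => array('Data Entry' => 3));
var_dump(access_decision(array(), array('Data Entry')));
var_dump(access_decision($clerk, array('Data Entry', 'Management')));
var_dump(access_decision($clerk, array('Finance')));
```

A data entry page would start with `require_access(array('Data Entry', 'Management'));` and a finance page with `require_access(array('Finance'));`.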

P: 1
Hello,
I have a similar issue to the one Silmana had. I am able to view the logged-in information directly by entering the URL when I am not logged in. Please help me with code.
Below is my logged-in page. This is where I have a welcome message and the employee name, then I have a bunch of links that open in a new tab. This is strictly for logged-in users only. How can I achieve the following: if someone copies or bookmarks a link that is on the logged-in page, it should redirect them to the login page first?

    session_start();

    // if(!empty($_SESSION['employeeName'])) // If session is not set then redirect to Login Page
    //  {
    //      // header("http://webdev/wordpress/str2/employee-portal/");
    //      echo '<script type="text/javascript"> window.open("http://webdev/wordpress/str2/employee-portal/","_self");</script>';
    //      exit();
    //  }

    if ((!empty($_SESSION['logged_in'])) && (!empty($_SESSION['employeeName'])))
    {
        // Escape the name before echoing it into HTML.
        $name = htmlspecialchars(ucwords(strtolower($_SESSION['employeeName'])), ENT_QUOTES, 'UTF-8');
        echo "<strong>Welcome! " . $name . "</strong>" . "&nbsp; " . "<a href='http://webdev/wordpress/str2/logout/' class='loggedinUserPageLink'>Logout</a> ";

        // $_SESSION = array(); //This clears the cache
        // echo "Login Success";
        // echo "<a href='http://webdev/wordpress/str2/logout/'> Logout</a> ";
        echo "<br><br><a href='http://form.pdf' target='new'>TEST</a>";
    }
    else
    {
        echo '<script type="text/javascript"> window.open("http://webdev/wordpress/str2/employee-portal/","_self");</script>';
        exit;
    }
2 Weeks Ago #14
