Check if user is logged in?

Hello guys,

I am new to PHP and I thought I want to ask, Say I created a login page and if the user/pass match the datbase one it will proceed to admin.php else it will give you a red error "wrong user / pass " but if I try to access admin.php without login script it also works. What's the way to restrict non-logged in users to see this page?

Regards,
Moman

Mar 13 '08 #1

Subscribe Post Reply

44488

Markus

6,050

Expert 4TB

Hello guys,

I am new to PHP and I thought I want to ask, Say I created a login page and if the user/pass match the datbase one it will proceed to admin.php else it will give you a red error "wrong user / pass " but if I try to access admin.php without login script it also works. What's the way to restrict non-logged in users to see this page?

Regards,
Moman

When someone logs in you should set a session
[php]
$_SESSION['logged_in'] = true;
[/php]
then on the admin page you check to see if this is set
[php]
if(isset($_SESSION['logged_in']))
{
# logged in
}
else
{
# not logged in
}
[/php]

Mar 13 '08 #2

Moman

When someone logs in you should set a session
[php]
$_SESSION['logged_in'] = true;
[/php]
then on the admin page you check to see if this is set
[php]
if(isset($_SESSION['logged_in']))
{
# logged in
}
else
{
# not logged in
}
[/php]

Hi Markus,

I tried it and it's still not working - here is my login.php

[php]<?php
$host="localhost";
$username="root";
$password="root";
$db_name="data";
$tbl_name="login";

mysql_connect("$host", "$username", "$password")or die("Unable to connect");
mysql_select_db("$db_name")or die("Unable to select database");

$username=$_POST['username'];
$password=$_POST['password'];

$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){
session_register("username");
session_register("password");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password, Please be careful when typing them.";
}

ob_end_flush();
?>[/php]

Mar 13 '08 #3

Markus

6,050

Expert 4TB

I changed it a little bit.
log in:
[php]<?php
session_start(); # start up the session

$host="localhost";
$username="root";
$password="root";
$db_name="data";
$tbl_name="login";

mysql_connect("$host", "$username", "$password")or die("Unable to connect");
mysql_select_db("$db_name")or die("Unable to select database");

$username=$_POST['username'];
$password=$_POST['password'];

$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1)
{
$_SESSION['logged_in'] = true;
header("location:login_success.php");
}
else
{
echo "Wrong Username or Password, Please be careful when typing them.";
}

?>[/php]

What code do you have for admin.php?

Mar 13 '08 #4

Moman

I changed it a little bit.
log in:
[php]<?php
session_start(); # start up the session

$host="localhost";
$username="root";
$password="root";
$db_name="data";
$tbl_name="login";

mysql_connect("$host", "$username", "$password")or die("Unable to connect");
mysql_select_db("$db_name")or die("Unable to select database");

$username=$_POST['username'];
$password=$_POST['password'];

$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1)
{
$_SESSION['logged_in'] = true;
header("location:login_success.php");
}
else
{
echo "Wrong Username or Password, Please be careful when typing them.";
}

?>[/php]

What code do you have for admin.php?

[PHP]<?php
if(isset($_SESSION['logged_in']))
{
#logged in
}
else
{
# not logged in
}
?>
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
<title>Admin Menu</title>
</head>

 
 
 
 
 
 
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td align="center" bgcolor="#CCCCCC">Administrator 
Menu</td>
</tr>
<tr>
<td width="294" align="center" height="28">Add
News</td>
</tr>
<tr>
<td align="center" height="29">Edit News</td>
</tr>
<tr>
<td align="center"> Logout</td>
</tr>
</table>
</td>
</form>
</tr>
</table>
© 2008 Moman - All rights
reserved

</html>

</html>
[/PHP]

Mar 13 '08 #5

Markus

6,050

Expert 4TB

Try this:
[PHP]<?php
if(isset($_SESSION['logged_in']))
{
?>
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
<title>Admin Menu</title>
</head>

 
 
 
 
 
 
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td align="center" bgcolor="#CCCCCC">Administrator 
Menu</td>
</tr>
<tr>
<td width="294" align="center" height="28">Add
News</td>
</tr>
<tr>
<td align="center" height="29">Edit News</td>
</tr>
<tr>
<td align="center"> Logout</td>
</tr>
</table>
</td>
</form>
</tr>
</table>
© 2008 Moman - All rights
reserved

</html>
<?php
}
else
{
echo "not logged in";
}
?>
[/PHP]

Mar 13 '08 #6

Similar topics

Check if user is already logged in

by: fr? | last post by:

Hi, i have a website , on wich users have to log in credentials are checked against mysql db some session vars are set during login for use somewhere else in the code. Is there a way to...

PHP

Reality Check: Session Hijacking

by: mrbog | last post by:

Tell me if my assertion is wrong here: The only way to prevent session hijacking is to NEVER store authentication information (such as name/password) in the session. Well, to never authenticate...

PHP

What if I dont want to redirect after a user logs in?

by: Brian Lowe | last post by:

I'm using Forms authentication with my user data in a SQL db. I have pages in the main appliaction folder accessible to anonymous users and I've set security to deny annonymous users access to...

ASP.NET

Check group member ship or a user

by: Sameh Ahmed | last post by:

Hello there Is there a way through dotNet to check if a certain user is a member of a specific group? I use ADSI to get the memberships of the user then compare them to the group I want to check,...

Visual Basic .NET

Detect if user is logged in

by: Jarod_24 | last post by:

How do a windows-service detect whether a user is logged or not on a computer? So far i've found nothing in the windows api or any code examples that will allow me to figure this out. The...

Visual Basic .NET

How To check SessionID available or not?

by: Mitul | last post by:

Hi to all, I am working on a site in which I need to check whether user is online or not. If user successfully logged out then I can change status from online to offline but if user do not...

PHP

Check what PC a user is logged into

by: fomalhaut | last post by:

Hi All, I am building a tool for one of our company's service desks, and one of the functions I'm hoping to add is the ability to enter a username and find what PC that user is currently logged...

C# / C Sharp

CHECK IF USER ALREADY LOGGED IN

by: Simon Gare | last post by:

Hi all, below is an insert statement on an asp page that stores the date and time that a driver logged on, what I need is to check that they are now already logged on fields are SQL Server...

ASP / Active Server Pages

How to check who is logged in

by: saddist | last post by:

Hello, For certain reasons I had to make my own USERS table where I store username, passwd, access_lvl and so on. Now I would like to display certian data from database depending on what...

Microsoft Access / VBA

how to automatically show user he's been logged out

by: Keith G Hicks | last post by:

asp.net 2.0 I have set my web.config as follows: <forms timeout="30"/(I know that's the default but I may chang it so the line's in there) I also have a few cookies I'm setting on my login...

ASP.NET

Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"

by: taylorcarr | last post by:

A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...

General

How to turn on java script in a villaon keypad mobile phone

by: Charles Arthur | last post by:

How do i turn on java script on a villaon, callus and itel keypad mobile phone

Java

Batch import of multiple excel files into the database

by: ryjfgjl | last post by:

If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...

Data Management

Merging data from multiple Excel files

by: ryjfgjl | last post by:

In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...

Data Management

Migrating Website to Cloud - Emmanuel Katto

by: emmanuelkatto | last post by:

Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel

General

Looking to do Android software development, any suggestions? Is flutter better?

by: nemocccc | last post by:

hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?

General

How to build RAID in BIOS?

by: Hystou | last post by:

There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...

Computer Hardware

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...

C / C++

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...

Online Marketing