Session Problems

Basically we're at a navigation page with a lot of different links.

Clicking one of the links will lead you to a new index, but you would only be able to view the index if you are already logged in.

I tried to check that by using this code:
(I put this code on top of the index file's code)

    <?
    //check that the user is calling the page from the login form and not accessing it directly
    //and redirect back to the login form if necessary
    if (!isset($username) || !isset($password)) {
    header( "Location: login.php" );
    }
    //check that the form fields are not empty, and redirect back to the login page if they are
    elseif (empty($username) || empty($password)) {
    header( "Location: login.php" );
    }
    else{
    ?>

It doesn't work at all and I go straight to index, instead of redirecting us to the login.php.

How do I make this work properly so that the site cannot be viewed directly unless already logged in and stored in a session.

My session code is:

    <?php
    // start the session
    session_start();
    //if the session is registered to a valid user then show content
    if (session_is_registered("$username")) {

    echo "Access granted.";
    }
    //not registered session
    else {
    header( "Location: login.php" );
    }
    ?>

Which doesn't seem to be working either..

=(

Thank you for answers
Jul 18 '09 #1
hoopy
88
Hi,

First off, session_is_registered is deprecated, so it should not really be used.

You can use the $_SESSION variables to store if the user has authenticated. Consider this very basic example:

login.php

    <form action="auth.php" method="post">
    U: <input type="text" name="username"><br />
    P: <input type="password" name="password"><br />
    <input type="submit" name="submit">
    </form>

auth.php

    <?php
    session_start();
    // demo check against a single hard-coded account
    if( $_POST['username'] == "test" && $_POST['password'] == "test" )
    {
      $_SESSION['authenticated'] = 1;
      header("Location: menu.php");
      exit(); // stop the script once the redirect header is sent
    } else {
      header("Location: login.php");
      exit();
    }
    ?>

menu.php

    <?php
    session_start();
    if(!isset($_SESSION['authenticated']))
    {
      // not authenticated, redirect
      header("location: login.php");
      exit();
    }
    // if we get here, we are OK.
    // display menu, etc.
    echo ("Hello, you are authenticated..");
    ?>

So login.php is pretty much just a form which points to auth.php. auth.php starts a session and then checks if the username and pass match that of "test". If not then it redirects back to login.php. If a match occurs it sets the session variable $_SESSION['authenticated'] to 1 and then redirects to what would be your menu page. On menu.php the session is started and a check is made to ensure the session variable $_SESSION['authenticated'] has been set. If not then the user has not authenticated so it redirects back to login.php. If it does exist you are good to display your menu.

This is a very basic example but playing around with it should point you in the right direction.

Best of luck.
Jul 18 '09 #2
Thanks a lot for your answer, I will look more into it this way now that you pointed me in the right direction.

- -
Jul 18 '09 #3
[sorry for double posting]

I tried to get my own login script that logs in the user via MySQL to link to the auth.php, but I was wondering how I could implement it into the mysql login script?

logincheck.php

    <?php
    ob_start();
    $host="localhost";         // Host name
    $username="--------";     // Mysql username
    $password="---------";     // Mysql password
    $db_name="-------------";     // Database name
    $tbl_name="-----------";         // Table name

    // Connect to server and select database.
    mysql_connect("$host", "$username", "$password")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");

    // Define $username and $password
    $username=$_POST['username'];
    $password=$_POST['password'];

    // To protect MySQL injection (more detail about MySQL injection)
    $username = stripslashes($username);
    $password = stripslashes($password);
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);

    $sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
    $result=mysql_query($sql);

    // Mysql_num_row is counting table row
    $count=mysql_num_rows($result);
    // If result matched $username and $password, table row must be 1 row

    if($count==1){
    // Register $username, $password and redirect to file "menu.php"
    session_register("username");
    session_register("password");
    header("location: menu.php");
    }
    else {
    header( "Location: login.php" );
    }

    ob_end_flush();
    ?>

Now I tried to implement it where I marked the text in italics as:

    if($count==1){
    // Register $username, $password and redirect to file "boelogin=yes.html"
    session_register("username");
    session_register("password");
    session_start();
    $_SESSION['authenticated'] = 1;
    header("location: boelogin=yes.html");
    }
    else {
    header( "Location: badlogin=user.html" );
    }

and also:

    if($count==1){
    // Register $username, $password and redirect to file "menu.php"
    session_start();
    session_register("username");
    session_register("password");
    $_SESSION['authenticated'] = 1;
    header("location: menu.php");
    }
    else {
    header( "Location: login.php" );
    }

But nothing prevailed :/
So any ideas to this?
Jul 18 '09 #4
Dormilich
8,656 Expert Mod 8TB
First, session_register() is also deprecated. You just need to implement the authentication as used in post #2, only that this time you have a slightly different if condition. Everything else stays the same.
Jul 18 '09 #5
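
The "slightly different if condition" from post #5, as an added example that is not part of the original thread: a logincheck.php that checks the MySQL result and then sets the same $_SESSION['authenticated'] flag that menu.php tests in post #2. It swaps the thread's mysql_* calls for a PDO prepared statement and the plaintext password comparison for password_verify(); the `users` table, its `username` and `password_hash` columns, and the connection values are assumptions, and it requires a current PHP version.

```php
<?php
// logincheck.php (added example; table, columns and DSN below are assumptions)
declare(strict_types=1);
session_start(); // must run before any $_SESSION access and before output

// Placeholder connection settings (constructed, replace with your own).
$dsn    = 'mysql:host=localhost;dbname=EXAMPLE_DB;charset=utf8mb4';
$dbUser = 'EXAMPLE_USER';
$dbPass = 'EXAMPLE_PASSWORD';

function redirect(string $to): void
{
    header('Location: ' . $to);
    exit; // header() alone does not end the script, so stop here
}

// Reject direct access and empty fields before touching the database.
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
if (!is_string($username) || !is_string($password)
    || $username === '' || $password === '') {
    redirect('login.php');
}

try {
    $pdo = new PDO($dsn, $dbUser, $dbPass, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
    // Bound parameter instead of string-built SQL; look up by username only.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn(); // false when no such user exists
} catch (PDOException $e) {
    error_log('login DB error: ' . $e->getMessage());
    redirect('login.php');
}

// Assumes the stored hash was created with password_hash() at registration.
if (is_string($hash) && password_verify($password, $hash)) {
    session_regenerate_id(true);       // fresh session ID after login
    $_SESSION['authenticated'] = 1;    // the flag menu.php checks in post #2
    $_SESSION['username'] = $username; // the password is never stored in the session
    redirect('menu.php');
}
redirect('login.php');
```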
