Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    Regular Coder
    Join Date
    Mar 2006
    Posts
    459
    Thanks
    3
    Thanked 0 Times in 0 Posts

    Stopping Just Anyone From Viewing Pages

    Hi all,

    Ok well I set up a username/password scenario and was able to get it to work and the add the header to the main.php page, which loaded if the user/pass is correct. But then I realised I can access any of the pages just by typing in the link directly... What do I need to add, so that if people link to the page they need to login first...???

  • #2
    Senior Coder
    Join Date
    Jan 2007
    Posts
    1,648
    Thanks
    1
    Thanked 58 Times in 54 Posts
    If you're using Apache you can set up an .htaccess file, or setup a check in a .php file and include that in each file, depending on your situation.

  • #3
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,540
    Thanks
    8
    Thanked 1,093 Times in 1,084 Posts
    Tomy ...

    Coincidently, I just saw this on another forum:

    =========================================

    Simple use of sessions ...

    1)
    Your user inputs a username and password on a form,
    which calls a PHP script named "login.php"

    2)
    That "login.php" script looks something like this:

    Code:
        <?php
        session_start();
    
        //variables from your HTML log-in form.
        $pass = $_POST['pass'];
        $name = $_POST['name'];
    
        //this part, you check your database for the correct password ...
        //not sure how you do that, but if the variables $pass and $name
        //match your database, then register the session with a $userid, or
        //something from your database that identifies the user.
    
        if($pass === "the correct password"){
        session_register(user);
        $user = $userid;
        $flag = 1;
        }
        else{
        $flag = 0;
        }
    
        //this part can goto an admin page or do something if
        //the user is logged-in.   Otherwise, it can return back to
        //your HTML form with or without an error message ...
        //however you want to do that.
    
        if($flag==1){
        header ("location: admin.php");
        }
        else{
        $mess="<h2>Sorry, we cannot find that member ...</h2>";
        header ("location: myform.php?mess=$mess");
        }
        ?>

    Now, on every other PHP page you have, you start with this.
    It checks the user session to see if $user has been set (they are logged-in).
    It can drop through (do nothing) and display the page, or it will see that
    the user is not logged-in and return back to the main page ...

    Code:
        <?php
        session_start();
        if(session_is_registered("user")){
        //do nothing
        }
        else{
        header ("location: index.php");
        }
    
        the rest of your page here
    
        ?>

    To log-out, the user closes their browser or this script is executed:

    Code:
        <?php
        if(session_start()){  
        session_destroy();}
        header ("location: index.php");
        ?>

  • #4
    Senior Coder Nightfire's Avatar
    Join Date
    Jun 2002
    Posts
    4,265
    Thanks
    6
    Thanked 48 Times in 48 Posts
    The example above should use

    PHP Code:
    $_SESSION['user'] = true
    and
    PHP Code:
    if(isset($_SESSION['user'])){ 
    instead of
    PHP Code:
    session_register(user); 
    and
    PHP Code:
    if(session_is_registered("user")){ 
    as it is depreciated

  • #5
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,540
    Thanks
    8
    Thanked 1,093 Times in 1,084 Posts
    Nightfire ....

    Thanks .... I see those things (and do them myself) all the time.
    I guess I'm lazy not to use current scripting. For those reading
    this that are beginning PHP, start developing good habits.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •