×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Jobs

Sessions

How do I use sessions to protect my pages? by parthshukla
Posted: 28 May 03 (Edited 28 May 03)

make a db called login and a table in it called users add two fields, one name and second pass, add your users in there, don't forget to use the function password for your pass field.....

index.php

<?php

session_start();
//starts the session
if (isset($HTTP_POST_VARS['userid']) && isset($HTTP_POST_VARS['password']))
{
//if the user just tried to log in than
//it will connect to db and will check if the user is in your table

$userid = $HTTP_POST_VARS['userid'];
$password = $HTTP_POST_VARS['password'];

$db = mysql_connect('localhost','root','yourpassword');

mysql_select_db('login',$db);

$query = "select * from `users` where name='$userid' and pass=password('$password')";

$result = mysql_query($query,$db);

$usercheck = mysql_num_rows($result);

//if the user matches than it registers
//the session as valid_user and the user's name or their login name

             if ($usercheck == 1)
             {
             $HTTP_SESSION_VARS['valid_user'] = $userid;
             } else
             {
              echo "Your username or password didn't match.";
              }
}
?>
<html>
<head>
<title>
<?php
//if the session is registered than it will
//write the user's name in the title bar or will ask to log in

if (isset($HTTP_SESSION_VARS['valid_user']))
{
        echo "You are logged in as: ". $HTTP_SESSION_VARS['valid_user'];
}
else
{
        echo "Log in please";
}
?>
</title>
</head>
<body bgcolor=lightblue text=darkblue>
<h1>Main Page</h1>
<?php
//it checks if the session variable valid_user exists
//if it does than it prints what you like
if (isset($HTTP_SESSION_VARS['valid_user']))
{
        echo "You are logged in as: ". $HTTP_SESSION_VARS['valid_user'];
        echo "<br><br>";
    //put your stuff here
        echo "<a href='logout.php'>Log Out</a><br>";

}
else
{

//if the variable userid exists and the user
//wasn't displayed the page above
//it indicates that they did not match in the database

 if (isset($userid))

 {
        echo "Could not log you in, You are not authorised to view this page";
        exit;
 }

//if any of the above variable does not exist
//than the user just to the page, so show them the page

        echo "<form method='post' action='index.php'>";
        echo "<table>";
        echo "<tr><td>Name </td>";
        echo "<td><input type='text' name='userid'></td></tr>";
        echo "<tr><td>Password</td>";
        echo "<td><input type='password' name='password'></td></tr>";
        echo "<tr><td colspan='2' align='center'>";
        echo "<input type='submit' value='Log in'></td></tr>";
        echo "</table></form>";

}
?>
<br>
</body>
</html>
//and that's it...than comes the logout.php

                      logout.php
<?php
session_start();
//starts the session
?>
<html>
<head>
<title>
<?php
//the same function as above, the user's logon name, else saying
if (isset($HTTP_SESSION_VARS['valid_user']))
{
        echo "You were logged in as: ". $HTTP_SESSION_VARS['valid_user'];
}
else
{
        echo "Your did not log in....";
}
?>
</title>
</head>
<body bgcolor=lightblue text=darkblue>
<h1>Log Out Page</h1>
<?php

$old_user = $HTTP_SESSION_VARS['valid_user'];

unset($HTTP_SESSION_VARS['valid_user']);

session_destroy();

if (!empty($old_user))
{
echo "<br>logged out successfully<br>";
}
else
{
echo "<br><b><font color='red'>You did not log in so you are not logged out</font></b><br>";
}
?>

<a href='index.php'> back to main page</a>
</body>
</html>

this is it, now you put the below statment in every page you only want your friends or registered users to see, add the page link to your index.php page, so if teh user hasn't log in than it will show it the unathorized page not the page you only wnat your users to see....

//put this in every page you want only your users to see

if isset($HTTP_SESSION_VARS['valid_user'])
{
//then your page that you want only users to see
}
{
//unuthorization page here
}

thank you..
Parth

Back to PHP FAQ Index
Back to PHP Forum

My Archive

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close