Hi
I want to restrict direct access to pages using php sessions, I want user to enter a login and password for accessing pages.
For trying php sessions, I downloaded from the web two php programs: first program for asking user login and password and If the user enter a valid login and password goes to second program (page)
First php program for asking login and password(index.php):
<?
// Use session variable on this page. This function must put on the top of page.
session_start();
////// Logout Section. Delete all session variable.
session_destroy();
$message="";
////// Login Section.
$Login=$_POST['Login'];
if($Login){ // If clicked on Login button.
$username=$_POST['username'];
$password=$_POST['password']; // Encrypt password with md5() function.
//Mysql connection
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
//Select DB
mysql_select_db("tutorial", $con);
// Check matching of username and password.
$result=mysql_query("select * from admin where username='$username' and password='$password'");
if(mysql_num_rows($result)!='0'){ // If match.
session_register("username"); // Create session username.
header("location:main.php"); // Re-direct to main.php
exit;
}else{ // If not match.
$message="--- Incorrect Username or Password ---";
}
} // End Login authorize check.
?>
<html xmlns="<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<? echo $message; ?>
<form id="form1" name="form1" method="post" action="<? echo $PHP_SELF; ?>">
<table>
<tr>
<td>User : </td>
<td><input name="username" type="text" id="username" /></td>
</tr>
<tr>
<td>Password : </td>
<td><input name="password" type="password" id="password" /></td>
</tr>
</table>
<input name="Login" type="submit" id="Login" value="Login" />
</form>
</body>
</html>
Second php program (main.php):
<?
// You may copy this PHP section to the top of file which needs to access after login.
session_start(); // Use session variable on this page. This function must put on the top of page.
if(!session_is_registered("username")){ // if session variable "username" does not exist.
header("location:index.php"); // Re-direct to index.php
}
?>
<html xmlns="<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<p>Hello <? echo $_SESSION['username']; ?>! You are now Logged in.</p>
<p><a href="index.php">Logout</a></p>
</body>
</html>
I receive the following message:
Forbidden
You dont have permission to access /main/< on this server.
I'm using wampserver programs are locate at:
c:\wamp\
Any ideas?
I want to restrict direct access to pages using php sessions, I want user to enter a login and password for accessing pages.
For trying php sessions, I downloaded from the web two php programs: first program for asking user login and password and If the user enter a valid login and password goes to second program (page)
First php program for asking login and password(index.php):
<?
// Use session variable on this page. This function must put on the top of page.
session_start();
////// Logout Section. Delete all session variable.
session_destroy();
$message="";
////// Login Section.
$Login=$_POST['Login'];
if($Login){ // If clicked on Login button.
$username=$_POST['username'];
$password=$_POST['password']; // Encrypt password with md5() function.
//Mysql connection
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
//Select DB
mysql_select_db("tutorial", $con);
// Check matching of username and password.
$result=mysql_query("select * from admin where username='$username' and password='$password'");
if(mysql_num_rows($result)!='0'){ // If match.
session_register("username"); // Create session username.
header("location:main.php"); // Re-direct to main.php
exit;
}else{ // If not match.
$message="--- Incorrect Username or Password ---";
}
} // End Login authorize check.
?>
<html xmlns="<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<? echo $message; ?>
<form id="form1" name="form1" method="post" action="<? echo $PHP_SELF; ?>">
<table>
<tr>
<td>User : </td>
<td><input name="username" type="text" id="username" /></td>
</tr>
<tr>
<td>Password : </td>
<td><input name="password" type="password" id="password" /></td>
</tr>
</table>
<input name="Login" type="submit" id="Login" value="Login" />
</form>
</body>
</html>
Second php program (main.php):
<?
// You may copy this PHP section to the top of file which needs to access after login.
session_start(); // Use session variable on this page. This function must put on the top of page.
if(!session_is_registered("username")){ // if session variable "username" does not exist.
header("location:index.php"); // Re-direct to index.php
}
?>
<html xmlns="<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<p>Hello <? echo $_SESSION['username']; ?>! You are now Logged in.</p>
<p><a href="index.php">Logout</a></p>
</body>
</html>
I receive the following message:
Forbidden
You dont have permission to access /main/< on this server.
I'm using wampserver programs are locate at:
c:\wamp\
Any ideas?