Thread: User sessions

  1. #26
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    Hi,
    OK, you set your session['loggedin'] to true, which is good. But then what? Maybe you should redirect your users:
    PHP Code:
    } else {
        $_SESSION['userID'] = $row['userID'];
        $_SESSION['username'] = $row['username'];
        $_SESSION['loggedin'] = TRUE; // Setting session var 'loggedin' to true --> check it at the top of each page you want to protect.

        //------------------>REDIRECT YOUR USERS
    }

    To check that a page can be viewed by an authenticated member, the only bit of code you need is that one:

    PHP Code:
    if ($_SESSION['loggedin'] == TRUE) {
        //display page
    }
    else {
        //redirect to another page, like index or login...
    }

    There is a little detail that you should not neglect though, this script relies on sessions... So you must make sure that every page you have that uses sessions must have this line at the very top of itself:
    PHP Code:
    <?php
    session_start();

    //...
    //...
    //...
    //...
    I didn't notice that you removed that line

    Every time you see a session superglobal (i.e. $_SESSION['whatever']) you will need this at the top of your page, otherwise it won't work.


  2. #27
    Evil Genius MilchstrabeStern's Avatar
    Join Date
    Nov 2003
    Location
    Arizona
    Posts
    1,131
    Ah ha, I'm getting much closer now.

    so this is the bit of code I'm including at the top of all my authenticated pages:

    PHP Code:
    <?php
    session_start();
    if ($_SESSION['loggedin'] == TRUE) {
        //display page
    }
    else {
        header('Location:http://www.mplionhearts.com/login.php'); // Redirect to error page.
        exit; //redirect to another page, like index or login...
    }
    ?>
    yeah it works, if you're logged in it will allow you to stay, however I get a nasty error line at the top of the page anyways (even tho the rest of the page displays fine), it's one of those common session errors:

    Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/mplionhe/public_html/welcome.php:5) in /home/mplionhe/public_html/check.php on line 2

    That's the only error I get if I log in, it shows up at the top of the page, but the rest of the page comes up. However try going to http://www.mplionhearts.com/welcome.php and it should redirect you to the login page because you're not logged in, but instead you get 3 errors, why is this?

  3. #28
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    closer right

    that's because you must have the session_start() part at the top of the page including the auth script and not in the auth script itself:

    PHP Code:
    <?php
    session_start();

    require_once('auth.php'); // or require, include etc....
    got it now?
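
Added example, not part of any post in this thread: the warning quoted in post #27 reports that output had already started in welcome.php before check.php called session_start(). One way to write the include so that this case is caught explicitly and a missing session key counts as logged out; `require_login()` and `/login.php` are assumed names.

```php
<?php
// auth.php -- added example, not code from the thread.
// require_login() is a hypothetical helper name; '/login.php' is a placeholder URL.
declare(strict_types=1);

function require_login(string $loginUrl = '/login.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // session_start() has to send a cookie header. If the including page
        // has already printed anything (even a blank line before its opening
        // PHP tag), PHP reports "headers already sent" and the redirect below
        // can no longer be delivered either.
        if (headers_sent($file, $line)) {
            throw new RuntimeException("Output began at $file:$line before auth.php ran");
        }
        session_start();
    }

    // A missing key, or any value other than boolean true, counts as logged out.
    if (($_SESSION['loggedin'] ?? false) !== true) {
        header('Location: ' . $loginUrl, true, 302);
        exit; // stop here so the protected markup below is never rendered
    }
}
```

Call `require_login()` as the first statement of each protected page, before any HTML is written.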

  4. #29
    Evil Genius MilchstrabeStern's Avatar
    Join Date
    Nov 2003
    Location
    Arizona
    Posts
    1,131
    Awesome it works now thanks so much for the fast and great help!

  5. #30
    SitePoint Enthusiast boboli's Avatar
    Join Date
    Mar 2003
    Location
    Venice - Italy
    Posts
    34
    Quote Originally Posted by duuudie
    Hi MS,

    Here is some code you might want to modify and use:

    It looks very procedural and I haven't spent much time with security issues, but anyways I am pretty sure that it should get you started:
    ...

    Then use this code on top of each page you want to be protected:
    PHP Code:
      
      
    if ($_SESSION['loggedin'] == TRUE) {
        //display page
    }
    else {
        //redirect to another page, like index or login...
    }

    ....

    that's it pretty much.

    'hope that helped
    Hi duudie..
    I just tried your code and I have a problem in the page protection...

    I do not understand where to start the session...
    I have a login form that redirects to the checklogin.php then....I can reach the panel.php page if it is not protected (that means that the user and password are correct...)

    If I add the protection to the page...dead end

    I'm always redirected to the error page...
    thanks
    Roberto

  6. #31
    SitePoint Enthusiast boboli's Avatar
    Join Date
    Mar 2003
    Location
    Venice - Italy
    Posts
    34
    Quote Originally Posted by duuudie
    closer right

    that's because you must have the session_start() part at the top of the page including the auth script and not in the auth script itself:

    PHP Code:
    <?php
    session_start();

    require_once('auth.php'); // or require, include etc....
    got it now?
    I think I have the same prob here...

    I do not understand what auth.php is...
    sorry to be dummy

  7. #32
    SitePoint Enthusiast boboli's Avatar
    Join Date
    Mar 2003
    Location
    Venice - Italy
    Posts
    34
    me again this is my panel.php page (the one that should be protected...)

    PHP Code:
    <?php
    session_start();
    if ($_SESSION['loggedin'] == TRUE) {
        //display page
    ?>
    <head>
    <title>Area Protetta Accademia B&B by BoboliWeb</title>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <link href="private.css" rel="stylesheet" type="text/css" media="all" />
    </head>

    <body><div id="bodyContent">
      <div id="main">
        <div>
        <fieldset>
    <legend>AREA PROTETTA</legend>
    <p>PANNELLO DI CONTROLLO</p>
    <p>USA I LINK PER INSERIRE O MODIFICARE I DATI INSERITI NEL DATABASE</p>
    <p><a href="periodi.php" target="_blank">VISUALIZZA I PERIODI</a></p>
    <p><a href="tariffe.php" target="_blank">MODIFICA LE TARIFFE</a></p>
    <p><a href="new_tariffe.php" target="_blank">INSERISCI NUOVE TARIFFE</a></p>

    </fieldset></div><!-- /main -->
       </div><hr />

    <!-- page footer -->
    <div id="piedipagina">
            <p class="footer">Copyright by BoboliWeb 2005</p>
    </div>
    <!-- page footer -->
    </div></body>
    </html>

    <?php
    }
    else {
        header('Location:http://boboli.altervista.org/biga/index.php'); // Redirect to error page.
        exit; //redirect to another page, like index or login...
    }
    ?>
    now it does not take me to panel.php, it stays on login.php but I receive a WHITE page...
    if I refresh the panel.php is loaded correctly... any idea ???

  8. #33
    SitePoint Addict mx2k's Avatar
    Join Date
    Jan 2005
    Posts
    256
    auth.php is just an example name for the file that holds your function or code block that is used to verify users.

    require('auth.php'); will import the file and script into the current page

    and auth.php will be something on the lines of
    PHP Code:
    <?php

    // initialize variables
    $user = "";
    $pass = "";
    $pwMatch = "";
    $error = "";

    if (isset($_POST['submit']))
    {
        $user = $_POST['username'];
        $pass = $_POST['password'];

        // sql statement: the user name is escaped and quoted before it is concatenated
        // $dbc stands for your database connection
        $query = "SELECT user, password FROM users WHERE user = '" . mysql_real_escape_string($user, $dbc) . "'";

        $result = @mysql_query($query, $dbc);

        // if there was no result, the user name was incorrect (as long as your database connection is right)
        if (!$result) {
            $error = 'your user name was incorrect';
        } else {
            while ($row = mysql_fetch_array($result, MYSQL_BOTH)) {
                $pwMatch = $row['password'];
                $userMatch = $row['user'];
            } // end while
        } // end 2nd if

        // if the hashed passwords match (strict comparison, so two different hash strings never compare equal)
        if (md5($pass) === $pwMatch) {
            // then user log in is set true
            $_SESSION['loggedin'] = true;
        } else {
            // if the statement was false, give an error
            $error = 'your password was incorrect, try again';
        } // end 3rd if

    } // end main if
    ?>
    i would have more error handling and things like testing string length, but you get the idea

    it's where your log in script is located. rather than typing it on every page, just include or require it.

    (just make sure that you have session_start(); at the top of every page before everything else)

    so

    PHP Code:
    <?php
    session_start();
    require_once('auth.php'); # or wherever your file is, i.e. includes/auth.php
    ?>
    however if the file is not found, require_once will kill the script's execution unlike include_once()
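
Added example, not code from mx2k's post or from anyone in the thread: the same login check written with a PDO prepared statement, password_verify() and a session ID change on login. It assumes the `users` table and the `user`/`password` columns from the post, with `password` holding password_hash() output instead of md5; the in-memory SQLite database and the account in it are constructed for the demo.

```php
<?php
// Added example (not code from the thread). The mysql_* functions used in the
// thread were removed in PHP 7, so PDO is used here. Assumption: the `password`
// column stores password_hash() output rather than an md5 digest.
declare(strict_types=1);

function attempt_login(PDO $db, string $user, string $pass): bool
{
    // Bound parameter: the user name never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT user, password FROM users WHERE user = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user and wrong password share one failure path, so the caller
    // can only show a single generic "login failed" message.
    if ($row === false || !password_verify($pass, $row['password'])) {
        return false;
    }

    // Issue a new session ID at login; the ID used before login stops working.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['username'] = $row['user'];
    $_SESSION['loggedin'] = true; // same key the protected pages check
    return true;
}

// Constructed demo data: in-memory SQLite with one account, alice / s3cret-demo.
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (user TEXT PRIMARY KEY, password TEXT)');
    $ins = $db->prepare('INSERT INTO users VALUES (?, ?)');
    $ins->execute(['alice', password_hash('s3cret-demo', PASSWORD_DEFAULT)]);

    session_start();
    var_dump(attempt_login($db, 'alice', 's3cret-demo')); // valid credentials
    var_dump(attempt_login($db, "o'brien", 'anything'));  // a quote in the name is data, not SQL
    var_dump(attempt_login($db, 'alice', 'wrong'));       // wrong password
}
```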

  9. #34
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    don't have anything to add

    obviously, it's a very simple example of user auth and there are a lot more checks that can be made. But get started with it and make it more thorough later

  10. #35
    SitePoint Enthusiast boboli's Avatar
    Join Date
    Mar 2003
    Location
    Venice - Italy
    Posts
    34
    thank you duuudie... my problem now is that with IE6 I can reach the protected page only with refreshing the page....
    I posted a new thread asking to test the pages...
    Thank You
    Roberto

